For whatever it's worth, the Reddit story here says that the federal courts used "fraudulent warrants to jail my husband again". Maybe! The other side of that story, via PACER, is a detailed parole violation warrant (you can hear the marshal refer to it in the video); the violations in that warrant:
1. Admitting to using cannabis during supervised release
2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.
3. Falling out of contact with his probation officer, who attempted home visits to find him.
4. Opening several new lines of credit.
5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).
These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.
OK, I think I found the original thing Rockenhaus was convicted of.
Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.
(He plead this case out, so these are I guess uncontested claims).
>He plead this case out, so these are I guess uncontested claims
In a technical sense, this may be true as part of the plea agreement.
In reality, a lot of plea deals are made because of various factors, which unfortunately is often not that the person accused is guilty, rather the risk of going to trial or especially the cost of going to trial is too large.
I feel the need to point this out as too many folks look at “accepted plea deal” to mean that the person accepting is the guilty party when it can be more complicated than that in reality even if technically by judicial process they are by accepting that considered guilty.
That said, in this particular case, the hard evidence suggests that indeed, the person accused committed the crimes they pleaded out for
If all of that is true, then that is a very serious CFAA charge. It makes sense that they would want to downplay it as "minor" and "not relevant". It sounds like the parole violations came later? In any case, thank you for researching. There is always more to the story.
Weev 'violated' the CFAA for incrementing a GET request, with his overturned conviction only for wrong jurisdiction. So the government has put us in a position where it's hard to take the CFAA seriously.
We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
As you probably know, it's everything that happened after they incremented that HTTP request that formed the basis for his charges. Message board discussions tend to want to distill "hacking" CFAA cases down to the specific shell script that ran, but these cases are almost always heavily situational and fact dependent.
Interestingly, Rockenhaus's isn't --- it's more or less exactly the circumstance foreseen by the authors of CFAA, who believed that even though existing law covered most hacking-type scenarios, they didn't form a clear basis for felony charges for purely destructive computer abuse.
This case has far more than the CFAA violation, though. There were multiple parole violations after the first incident, multiple attempts to evade the parole restrictions on Internet use, discovery of a pedophilia relate search query on his computer, a history of intentional damage to a company’s infrastructure to disrupt their operations, and more.
Being angry at the CFAA is one thing, but this case has no relation to modifying a simple GET request.
> We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
Navy sailor was convicted of possessing machine guns and destructive devices.
The ATF for example put back together de-milled RPGs, which could be a destructive device
However the statute says the following:
(2) any type of weapon by whatever name known which will, or which may be readily converted to, expel a projectile by the action of an explosive or other propellant, the barrel or barrels of which have a bore of more than one-half inch in diameter, except a shotgun or shotgun shell which the Secretary finds is generally recognized as particularly suitable for sporting purposes; and (3) any combination of parts either designed or intended for use in converting any device into a destructive device as defined in subparagraphs (1) and (2) and from which a destructive device may be readily assembled.
The ATF took his demilled RPG, put another gun (owned by the ATF) inside of it, then fired it to prove it had a bore over 0.5 inch capable of expelling projectile.
But the state didn't tell him under what definition he was charged, so they didn't know if they were defending against the collection of parts the ATF took (falls under 3), or against the weapon the ATF claimed it was after they put the parts together (which falls under 2).
The normal answer to this is to request a bill of particulars, which was not requested here (afaict from the docket).
I think there is some slightly down-in-the-weeds confusion here - what does an indictment require vs ...
I think they screwed this up at trial and then tried to argue the indictment was insufficient, but i doubt they will get any appeals court to bite on this.
I posted it elsewhere, but you can listen to the oral argument of the appeal here:
It is a very accessible argument (in the sense of not need legal knowledge to usefully process it).
You can hear the judges sort of struggle to understand how this is an indicment opportunity, but really do seem to be trying to understand. They give counsel an opportunity to try to distinguish and explain things. Att around 10 minutes, one of the judges asks counsel for the bset case he has that says he's right, and he can't come up with one at all.
Which is probably the point at which he lost this appeal. :)
As i said elsehwere, i don't blame the lawyer - this seems like it woudl be a very hard case to win because of choices made at the level below. They are essentially arguing things they know will lose because nobody objected to things they should have at the level below.
Thanks for the reference! For the convenience of anyone else reading, the appeals docket is at https://www.courtlistener.com/docket/67566242/united-states-.... Note that there are two appeals briefs; it seems the defendant replaced their attorney at some point during the appeals process.
For what it's worth, I think this is the government's response to the argument you raise (on page 22 of the response brief, PDF page 30):
> Section 5845, captioned “[d]efinitions,” is a definitional provision, not a
criminal prohibition. As relevant here, § 5845(b) defines the term “machinegun,”
and § 5845(f) defines the term “destructive device.” These definitions do not create
additional elements of the offenses charged under §§ 5861(d) and 922(o). Therefore,
the government was not required to charge the applicable definition(s) in the
indictment. See, e.g., Robbins, 476 F.2d at 30 (holding that an indictment under
§ 5861(d) need not refer to the definitions in § 5845 to “fairly notify a defendant of
the charge against him”); United States v. Hoover, 635 F. Supp. 3d 1305, 1316
(M.D. Fla. 2022) (rejecting the argument that the government “was required to plead
the specific facts supporting its contention that the [firearms] at issue fall within the
definition of a machinegun”); cf. United States v. Pennington, 168 F.3d 1060, 1065
(8th Cir. 1999) (“The indictment’s failure to cite [18 U.S.C.] § 1346, a definitional
provision, and to use its specific term, ‘honest’ services, does not mean no crime
was charged.”).
And defendant's response, page 5:
> The question is whether the
indictment “fully, directly, and expressly, without any uncertainty or
ambiguity, set forth all the elements necessary to constitute the offence
intended to be punished” and whether the indictment complied “with the
necessity of alleging in the indictment all the facts necessary to bring
the case” within the intent of the statute. United States v. Carll, 105 U.S.
611 (1881) (emphasis added). The government’s failure to give any
specificity in the indictment cannot be remedied by wriggling as to
whether the missing information can be considered an “element” or not.
Even if the government were correct that the particular definition (or
definitions) the prosecution is proceeding under does not change
“elements,” it changes the “facts” underlying the scope of the statute.
I have no idea who is correct legally, and since oral arguments appear to have been held a few days ago I suppose I'll have to wait to see who is right.
The first question they asked is "why didn't you ask for a bill of particulars?".
Overall, they seemed very confused as to the argument made here - why is the indictment actually insufficient, and what words did you want them to use instead.
I don't think this will be a successful appeal at all - they seem to all agree this is not stuff that goes in an indictment, and to the degree that there was ambiguity, the correct answer was to request a bill of particulars.
At around 10 minutes, one of the judges asks counsel for the best case he has that says he's right, and he can't come up with one at all.
Which is probably the point at which he lost this appeal. :)
To be fair, i don't blame the lawyer, and i expect why the judges are being not too hard on him, is because he's doing his best to argue a losing case because of choices made at the district court level.
Yes there is, they can reargue the whole thing in another jurisdiction since he was never 'in jeopardy.'
Considering he was convicted in another jurisdiction, and they can retry him in the 'right' one, why wouldn't a reasonable person anticipate that might happen?
I don't think Weev is living in Ukraine/Transnistria to practice his Slavic languages.
And the reason why I brought up it was overturned, was because I knew someone would mention his case was vacated, and I wanted to make clear it wasn't vacated because there was something improper found about the legal question of the CFAA.
They could start over in the correct jurisdiction. Yes. The case that was being appealed is gone. Gone.
I think that the type of person that excels at software development would also excel at lawyering. But they should probably go to law school and pay attention in class.
Generally this is a good thing to happen, because it's fairly quick and easy to argue you're in the wrong jurisdiction... and if that's the case, it doesn't matter what the legal theory was, since the court couldn't convict you anyway.
Perhaps selfishly, I'd rather get out of a trial in the motion to dismiss stage, rather than having to very-expensively argue the merits all the way to the end.
Right. I think your parent comment was pointing out that it's not that the legal theory failed, but that it was never tested, and so might (or might not) still be sound.
As an example: Take a look at the URL of this page (https://news.ycombinator.com/item?id=45261163). Add 1 to that ID value (45261164) in your address bar. Hit Enter, your browser will GET whatever exists at the next ID.
Because people think they are clever and are trying to separate the act from the intent.
Unlocked doors, open windows, any lack of security doesn't give you permission to enter. Just as "incrementing a GET request" doesn't mean anything outside of the intent.
It's not about the actual HTTP request. Per se unauthorized access is just one predicate in these kinds of cases. It's about what the prosecutors claim you were doing when you made the access.
Okay but what information did he obtain by doing that? If I break into a mistakenly locked police station, surely I cannot use the excuse "I was simply turning a door knob"
The CFAA is in fact pretty complicated. The text of the law isn't, but the implications of that text are, and so is the jurisprudence. Rockenhaus's CFAA case does not appear to have been at all complicated, though.
I seem to remember cases or interpretations of the CFAA in which even guessing the username password combo of "admin:admin" would violate the act, resulting in teenagers or children being caught up in cYbEr FrAuD
It doesn't matter if you brute forced their crappy login with commonly-used credentials. You think it's OK for someone to rummage around in your garage just because they correctly guessed your keycode was 12345? Of course not.
> Doesn't this posture also criminalize white-hat hackers, whose disclosures would protect you from the people who actually want to do damage?
There is no law for "white-hat hackers". You don't get to break into a system because the color of your hat.
"White-hat hackers" have contracts, or very specific rules of engagement. Having run many a bug bounty, if someone was malicious, we would absolutely work to prosecute.
You can also find bugs in software freely, as long as you don't obtain unauthorized access to other people's systems.
This isn't true: there is, jurisdictionally dependent and I think also dependent on DOJ norms, a broad exception for good-faith white hat vulnerability research that would otherwise violate CFAA. Like I said, CFAA is very complicated in practice.
To stick with this analogy: I think a white hat equivalent would be more like driving down the street with a garage door remote set to a default code and then notifying anyone whose door opens in response that they should change their code. I don't think that should be illegal.
Walking through an unlocked door that has a sign "private property, do not enter", searching for sensitive information, finding it and exposing it surely could.
Or not, depending on how the party who owns what's inside that door feels. But if it feels he should be prosecuted, then hell yes, the state should do that. My 2c.
So now the door is unlocked?? Where are the goal posts?
Don't mess with people's stuff if they don't want you to. This seems very simple to me. But I'm aware that you're trying to find some fringy gray area where you think it will be OK to mess with people's stuff even though they don't want you to.
But CFAA charges should, and this is the issue a lot of people have with them afaict, have a sliding scale for premeditation though.
If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
A lot of the CFAA excesses are maximum penalties from the CFAA being thrown at people using minimally sophisticated / premeditated methods, in addition to charges about the underlying crime.
That doesn't seem just or fair.
In practice it's turned into an if(computer){increase maximum penalty} clause, solely at the government's discretion.
>If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
Why? (I'm not a lawyer...) - shouldn't intent and harm (i.e. the value of the stolen item) be the only relevant details? Now of course its much easier to demonstrate intent if there's a crowbar involved, but once that's already established, it seems irrelevant.
Because that's the way most method-specific laws work, at least in the US.
There's an underlying result crime (eg causing business harm by destroying a database), then the method by which one chose to do it (eg exceeding authorized access to a computer with the intent to cause harm).
The CFAA was originally passed under the erroneous worry that existing laws wouldn't be enforceable against cybercrime, which turned out to generally be false.
When you cause damage, there's almost always a law by which someone can sue you for those damages.
What there wasn't, and what the CFAA created, were extra penalties for computer crimes and an ability to charge people with computer crimes where there were no damages (eg Aaron Swartz).
And why should those things need to exist? Theft is theft. Destruction is destruction.
It fit with 'premeditated intent' intensifiers (where penalties escalate if premeditated intent can be proven)... but that wasn't actually how it was written or how it is used. Instead, it's a method-based checkbox that allows prosecutors to tack on additional charges / penalties. If a computer was used to destroy this thing, add X years the sentence.
It does sound like a crime to me too. But was it a password or other credential that was guessed, or was it just some sequential primary key? The latter is not an authorization system, and I do not believe it a crime to do that unless you have specific knowledge that it is likely to cause damage and/or the intent to cause that damage.
As far as I am concerned, I am allowed to send any traffic I wish to public-facing hosts, and if they respond with content that the owners would not wish me to see, I have no responsibility to refrain. The only traffic I am not permitted to send are credentials I am not authorized to use (this would include password guessing, because if I manage to guess correctly, I was still not permitted to use it).
You are not allowed unauthorized access regardless of how the key works.
> I am allowed to send any traffic I wish to public-facing hosts
No you're not. Denial of service is a federal crime.
> I have no responsibility to refrain
Yes you do, and this is just beyond silly. The nuance of how you obtained it will be decided in a court. Stop making everything so reductionist and lazy.
> The only traffic I am not permitted to send are credentials I am not authorized to use
Absolutely not. Use of a vulnerability to cause a data breach is OBVIOUSLY a federal crime.
Well, I guess it's a good thing for me that they're unable to notice or care and in general incompetent.
I am still permitted to do this. None of the details of this case give me the impression that they're using CFAA in such a way as to offend my sensibilities. Sounds like he sabotaged a former employer and caused hundreds of thousands in (tort not physical) damages. I guessed the urls for some issuu.com links that aren't available in search, and downloaded the page images to make a pdf. I was never prompted for a password. Arrest me, I'm a notorious hacker.
I mean... if someone walked into your house cause you only closed the screen door while running to the store quick you'd still call the cops cause there was someone breaking into your house lol.
Shutting down the server (you solely maintained) before leaving would be "minor" to me... intentionally causing damage, earning money from that, getting caught, and again causing physical damage.. that's pretty "major" to me.
As far as i can discern, the warrants aren't fraudulent.
Warrants (in the US anyway) require reasonable belief that the crimes listed were committed.
They don't have to be right, mind you (after all, that's what trial is for), they just need reasonable belief.
They also can't recklessly disregard the truth (IE deliberately write lies they know are wrong).
Again, it's okay for them to be wrong about their belief. It's just not okay to know they are wrong and write it anyway.
Here, reading the warrant, etc, there is nothing obviously fraudulent here.
Perhaps it is, of course, but i read everything i could find and it's completely non-obvious which part of the warrant is supposed to be fraudulent.
Even the sort of retaliation claim made here is strange - Arresting you when you appear to actually hvae broken the law is generally only considered retaliation if (among other things) the enforcement of the law is uneven - IE targeted at you and nobody else.
Given the arrest was for a parole violation and they arrest parole violations like this all the time, ....
Like if you are at a traffic stop becuase you ran a red light, call a cop an asshole, and they arrest you because you have 50kg of cocaine bricks in your back seat, it's not retaliation.
Retaliation would be if you call a cop an asshole on facebook, and they come arrest you for violation of an 1825 law that hasn't been used against anyone in 200 years.
Thanks. The overly aggressive arrest was not warranted, obviously.
However, I suspected there was a lot more to this story when the original post buried the actual reason for the arrest several paragraphs down and tried to dismiss it as “minor”. Intentionally damaging a company’s infrastructure with an intent to disrupt their operations is a very serious charge. Not a “minor” disagreement with a former employer.
Here's what the wife says about that[1], for the record:
> The Origins of a Retaliatory Prosecution (Texas, 2019-2022)
> Early 2019: Conrad Rockenhaus, a supporter of free speech, runs Tor exit nodes used by journalists and activists. Federal agents demand he assist them in decrypting traffic; he repeatedly refuses, asserting his constitutional rights.
> The Coerced Confession: The case against him began when he was forced to confess to a non-violent CFAA (computer crime) offense while under the influence of prescribed painkillers and not lucid following a major surgery.
> The Pretextual Arrest: Just months before the 5-year statute of limitations was set to expire, the federal government arrests Conrad on the CFAA charge. The family alleges this was a pretext for his refusal to cooperate on the Tor matter.
All that is as may be, but the CFAA charge here isn't pretextual; what he's alleged to have done is pretty serious by any standard. I have no trouble believing that the prosecution was motivated by Tor drama, but all that tells me is that the DOJ had real cards to play, and they played them.
My guess is that things would have gone substantially worse for this person had he taken that case to trial.
Having seen the system up close, I hesitate to draw conclusions from cases that don't go to trial. Doesn't really sound like they have the means to afford trial, or at least a chance at a fair one.
That's a pretty good reason not to break into your former employer's data center to unplug a bunch of servers because you're mad they terminated your contract. That would not have been a difficult case to prove up.
Good grief. This is also part of the reason why I have a pact with my coworkers: if I’m terminated, kill my access immediately and universally, and I’ll do the same for them. I don’t even want to have the ability to look at stuff anymore. Remove any shred of possibility that I could get into shenanigans later.
I also follow the closely related addendum: I do not want standing admin access to your system, unless I need it often enough it really impacts my productivity. Doubly so if it's not hooked up to SSO. If the database gets breached, I don't want my name on the list of people who had the admin password.
Most big businesses are good about that, but I've helped a couple family members with their business' WordPress and just have standing access that I really don't want. They don't want to juggle activating/de-activating my account though, so /shrug.
Same all around for me. I have a couple of longstanding accounts on local businesses I help out, but it’s all via VPNs that send the owner an email when I connect. I also refuse to do any work unless they ask me in writing. Text is OK, and I screenshot it. “Why did you give such-and-such rights to that employee?” “I have it in writing where the owner asked me to, Your Honor.”
This has never come up before, but it’s easy enough to be diligent about it.
Also: I keep a little paper notebook where I log the work I do for everyone, and occasionally have someone else sign and date it. It’s basically a cheap blockchain IRL. “How do you know you did this before you stopped doing work for them?” “Because the owner signed and dated the logbook after I did the work but before they hired the new IT person.”
I’m suuuuuper nitpicky about diligence in all this, for the protection of everyone involved, and especially me.
That shouldn't require a pact, that should be part of the standard check list for ending employment. (The list is longer for those who have root, but it should still be a list.)
For sure, and I’m often the one who makes the list, and one with root. But the big thing is to do it quickly, like within the hour, and diligently. Don’t say, oh, I’ll give him a chance to access his email and download stuff, or whatever. No! Like, cut me off completely right now.
Then, if something breaks down the road, there’s no temptation for them to wonder if I had anything to do with that weird failure.
(And obviously, don’t freaking hack your ex employers! But also don’t even leave the impression that you could.)
I agree with the overall point. (And WTH would you ever have things you need to download in your work email?) But there's not an employer I have ever left that I couldn't have done extensive damage to without any permissions at all. Not that I would ever add a felony charge to even the most bitter firing, but I could.
> And WTH would you ever have things you need to download in your work email?
Because you got a university email as a student 20-30 years ago back when .edu emails were "for life". Then you started working at the university as a staff-person under the same email. Then 20-30 years later you're leaving, and much of your digital identity is inextricably linked to that old "personal" email.
Yeah, I usually stress to employers and clients that I want to be cut off quickly, and usually remind them of what they need to lock me out of when I leave.
Even then, I've had clients for whom things have broken come to me in despair hoping I'd kept access. The day one of them for whatever reason decides to suspect that I was the one to break things, I will be very happy to be able to point to consistently having done what I can to ensure I get locked out.
I've had that, too! Fairly recently, an ex client who sold their business to someone with a full-time IT staff asked me if I had the password to unlock their NAS. No, I didn't. I turned all those over to the IT staff, strongly recommended that they change them, and deleted my local copies. Sorry, but no, I can't help you with that.
This is exactly what all big corporations (rightly) do, and when layoffs come around you see waves of people making sob stories about how nobody told them and suddenly their work laptop stopped working from one minute to the next, or they didn't even let them inside the office because they were terminated during their morning commute.
Yeah. That’s actually a favor in disguise. Now they can’t accuse you of stealing or destroying stuff on your way out.
BTW, last time I posted stuff like this, someone thought I was treating this like an alibi: “ah ha! Now I can run amok and not get blamed for it!” No. Don’t do that, lest ye end up with a felony and permanent unemployability. I just mean that when things inevitably break due to natural entropy, the first question is often of who had access, and you don’t ever want your name to be on that list.
Yep, and people forget that news is often only news because it's not normal. Otherwise you simply wouldn't hear about it.
People take this to the extreme and think that their country is somehow a lawless hellscape where police are openly shooting innocent people, dragging them from cars for seemingly no reason etc... but those stories make the news precisely because it's not the norm.
It’s a calculated appeal by a biased narrator (his wife) who knows how to exploit the anger and sympathies of a community that often doesn’t click links, read documents, or look for facts before passing judgment (Reddit)
This may be overly cynical. I suspect that she's getting her biased account from the only person she knows who is technically savvy: her husband. She accepts this uncritically, and that some very large fraction of the spin originates with him. Some stuff (like ignoring that the drug use violates probation) might be hers, but the rest probably isn't.
This is why Reddit has become a cesspool. Looking at some of the Reddit comments: “fascist, thank trump” without doing any bit of research on the story. Reddit harbors anger and frankly dangerous thoughts from the habitually outraged and poorly informed on details.
(If you install the RECAP extension in your browser you can cache downloaded PACER docs and they will get linked from Courtlistener. Lay users can sign up for a PACER account and if you use less than $30 of document access charge per quarter it will be waived)
Your second case was in the WD of Texas which is where he was arrested - it's just minutia to have him 'removed' to the ED of Texas to face charges where he was indicted - this is the main case there:
My recap is acting up a bit so I'll just copy/paste in case it doesn't grab docket entry 158 - the 'factual basis' for the plea:
1. That the defendant, Conrad Rockenhaus, who is entering a plea of guilty, is the same person charged in the Indictment;
2. That the defendant worked as a as a developer services manager, and later an infrastructure architect, for an online company providing travel booking and vacation services to customers (hereinafter, Victim Company );
3. That the defendant had access to and could control computer code located on Victim Company s servers throughout the country, including computer code that controlled business functions such as marketing, scheduling, and payment processing;
4. That on or about November 11, 2014, the defendant remotely accessed, without authorization, the Victim Company s servers from his residence in the Eastern District of Texas;
5. That on or about November 11, 2014, the defendant executed a computer code or command that shut down one of Victim Company s servers, which in turn caused several other Victim Company servers to crash;
6. That the defendant was retained by Victim Company to assist with the restoration of Victim Company’s servers;
7. That during the remediation efforts, the defendant, without authorization, disconnected Victim Company’s servers in Plano, Texas, in the Eastern District of Texas, causing further business disruption;
8. That the defendant’s actions cost Victim Company at least $242,775 in lost revenue and at least $321,858 in recovery and remediation costs.
He was also placed under electronic monitoring program and immediately went about installing a VM to allegedly circumvent the monitoring software along with searching for a very controversial website relating to pedophilia...
He also lied about using his computer, his wife told on him to his parole officer, according to the court documents.
He was on parole for DDOSing* a former employer...
*Ah, I see your update, guess it was less distributed and more direct denial of service with the physical destruction and all.
“very controversial website related to pedophilia” -> you are referring to NAMBLA? if so, i think that is not uncommon search for people interested in history/wikipedia deep dives, i don’t think you would search this if you were actually a pedophile as it is a historical thing.
Yeah, I read that transcript supplied in the Reddit thread and I was thinking to myself “why would you include this as evidence to support your case”?
The wife makes a big deal about how one of the agents testified that Spice was an operating system, then she went on to falsely claim that it was merely a “graphic driver”. However, later in the in the transcript another agent corrected the error of the first agent and explained to the court that Spice was a means of accessing remote VMs, which could be used to circumvent monitoring software.
This combined with the fact that there was no internet activity subsequent to the software being downloaded is pretty damning evidence.
8 Q. Due to the nature of the offense charged being a
9 computer-related crime, did he have specific
10 restrictions on his pretrial release as it relates to
11 his computer usage?
12 A. Yes. One of the conditions was that he must
13 participate in the Computer Restriction and Monitoring
14 Program.
15 Q. How is that program enforced?
16 A. That program is enforced -- the defendant has to
17 download a software program onto his computer or iPhone
18 or whatever, any type of device that has access to the
19 Internet. That information is -- the monitoring
20 company, they monitor -- they are able to monitor what
21 he is accessing on the Internet. And the Probation
22 Officer has been allowed to review weekly reports about
23 what sites he's accessing, things like that.
24 Q. And is the defendant notified and made aware and
25 provided with a document that states the terms of that
1 agreement?
2 A. Yes.
The use of an encrypted Tor node would likely be a violation of that restriction regardless of what is being accessed.
The chain would then appear to be: convicted of computer crime -> required computer monitoring software during supervision -> installed and used Tor -> supervision violation and revoked to prison.
As I understand it --- I haven't read deeply enough to confirm this, it's what I've pieced together from the Reddit thing --- the Tor stuff came long before any of this. What I gather is:
1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
2. Some time after that, he became a high-profile Tor relay operator.
3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
4. In 2019 he was prosecuted for the computer offenses, and convicted.
5. In 2021, he was released on parole.
(I think there's a long string of parole issues after that, and then)
6. In 2025 he was accused by the probation office of violating his parole in a bunch of ways and taken into custody.
The setup of Tor has some specific dates in the transcript. Page 10
3 Q. So, Ms. Routh, having been acknowledged of his
4 obligations to monitor and pay for the service on
5 August 29th, can you please tell the Court how
6 Mr. Rockenhaus complied or didn't comply with the terms
7 of his release?
8 A. Yes. On September 22nd the defendant did
9 successfully download the monitoring software program
10 on his computer. On October 11th Officer Ramos
11 contacted the defendant regarding his lack of computer
12 usage. So he reviewed some reports and realized that
13 nothing was appearing, indicating that he was using his
14 computer.
Page 11 and 12
22 So Mr. -- Officer Ramos spoke to Phillip
23 Danford with IPPC Technology and he stated that, yes,
24 the defendant had downloaded the software. They showed
25 that on September 22nd he said that the defendant --
1 they see that the defendant looking at, it's called the
2 TOR Network website on September 23rd, which is where
3 you download software to access the dark web.
If I read this correctly... in August he was required to install the monitoring software (likely within 1 month).
On September 22nd, 2019, the monitoring software was downloaded. On September 23rd, Tor was installed. No internet activity was detected for the remainder of September or October by the monitoring software.
I don't believe that 2 or 3 come into play in terms of the parole violations (including the subverting of the monitoring software).
It would have been extraordinarily dumb for someone on parole electronic monitoring to install Tor, but my understanding of Tor's role in the bigger story is that it's about stuff that was happening many years ago. There's nothing about Tor in the parole violation warrant; just that he had an unauthorized iPhone, and when they did a forensic inspection of it, there were no further violations discovered on that phone.
The defendant plead nolo contendere (no contest) in 2014. Any activity between 2014 and 2019 was under supervision restrictions. Any use of Tor during that period would likely be an issue.
Page 6 of 8:
You must not purchase, possess, have contact with, or otherwise use any device that can be connected to the Internet or used to store digital materials, other than that approved by the U.S. Probation Office. You must allow the U.S. Probation Office to install software on any approved device that is designed to record any and all activity on the device the defendant may use, including but not limited to capture of keystrokes, application information, Internet use history, e-mail correspondence, pictures, and chat conversations. You will pay any costs related to the monitoring of his authorized device and must advise anyone in the household that may use an authorized device in question that monitoring software has been installed. If you need access to an employer owned Internet-equipped device for employment purposes, you must advise your probation officer before using the device. The probation officer will ensure the employer is aware of the criminal history, and you must agree to use the device for work purposes only.
You must not attempt to remove, tamper with, or in any way circumvent the monitoring software, and must disclose all on-line account information, including usernames and passwords, to the U.S. Probation Office. If requested, you must provide a list of all software/hardware on your computer, as well as telephone, cable, or Internet service provider billing records, and any other information deemed necessary by the probation office to monitor your computer usage.
You must not access Tor or participate in any online social environment (i.e., Facebook, Twitter, Second Life, Linkedin, Craigslist, FaceTime, WhatsApp, video/audio, etc.) or texting applications, which allow the user interaction unless pre-approved and authorized by the probation officer and Court.
His activity, no matter how it is framed, was in violation of the supervision orders.
Furthermore, he worked to circumvent the monitoring software in September of 2019 and had no internet activity recorded in October of 2019.
> 1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
> 2. Some time after that, he became a high-profile Tor relay operator.
> 3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
It wasn't prosecuted because he plead no contest. After that, the use of Tor was in violation of supervision. I read #3 as "you're not running the monitoring software as required" which would subvert the exit nodes... but he shouldn't have been running them in the first place.
I don't think this is accurate. I think the charged conduct occurred in 2014, but from what I see on PACER, the prosecution (and subsequent plea) was in 2019.
Hmm... You have something there (and I was likely off in my timeline). The case was filed in August 2019. The document was filed in 2022(?). The transcript was from 2020.
Given the plea in 2019 and those conditions... as shown in the judgement document, the things that were alleged in the 2020 transcript were a clear violation of those conditions.
Where there any pretrial bond conditions prior to 2019?
The funny thing about rights is that you have them even if you've done other bad things. The thinking on display here ("the guy was a criminal anyway") is the primary slippery slope to tyranny that we have seen in the past 100 years.
Seems like he was legally eligible to be arrested for a variety of reasons. The FBI is still not allowed to use fraudulent warrants to that end. The rule of law is no such thing unless it applies to everyone equally.
I'm on the civil rights and free speech maxxing side, but this was clearly a criminal in the act of actively criminaling.
The danger here is in crying wolf when this isn't a case of rights being violated for a non-perpetrator. This guy was willfully breaking laws left and right.
Yeah - even if George Floyd’s arrest was lawful, arresting him in using such violent force he died is certainly not. Saying “well he was a bad guy and had done bad things” doesn’t justify inflicting head injuries or holding a roadside execution.
While the abuse by the system needs to be dealt with, if you are going to be a TOR exit node operator (or a thorn in the FBI's side in general), don't do the above. I sympathise with him in spirit, but this is a severe tactical blunder.
It gets worse... both the wife and (either their husband or a previous partner) have their own threads on kiwi farms and are closely tied to both Encyclopedia Dramatica and Ethan Ralph. There's videos posted of them showing signs of severe mental illness.
Kiwifarms is a forum for harassing people. Famously Near (the developer behind BSNES/Higan emulator) committed suicide in part due to the abuse he received from that forum. And people on kiwifarms celebrated his death.
Only reason I know of it is from the thread at the time on HN.
orchestrated harassment campaigns happening. I'm being intentionally vague on who is the perpetrator in this situation because usually its just a chaotic pileup with no reasonable persons involved.
My recommendation: ignore and swipe under the rug anything where KF is in play. Whatever it is, visibility feeds it.
Kiwifarms is a forum that mainly is about chronicling the life events of people it can laugh at, often those suffering from mental illness.
Oftentimes, kiwifarms users directly harass or manipulate their targets to try to provoke more weird behavior, usually directly making the target's life worse in the process.
I can see why it's entertaining for folk (kind of like watching reality television), but overall it seems to have a pretty negative effect. And if you hang out there too long, it seems like you tend to lose human empathy.
I think it means we have very good reason to believe OP/adezero is severely embellishing the story and is simply lying (and has a documented history of it), even without all the actual evidence pointing directly to that.
People with severe mental illnesses still have Constitutional rights, including one not to get their head bashed in.
Running a Tor exit node is also not a crime, and he ran it long before there was any conviction. And asking to decrypt incoming traffic (from other nodes) is really sus; it has nothing at all do with the accused’s parole or alleged crimes.
> People with severe mental illnesses still have Constitutional rights, including one not to get their head bashed in.
Yes, I wasn't trying to imply that. But according to court records he got hurt because he was being combative during the execution of an arrest warrant.
> Running a Tor exit node is also not a crime
Probably correct, and the original headline seemed to try to imply that it was in fact what they got in trouble for (it has since been changed), but there's way more to this story than OP lets on... by a mile.
We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud. Criminals move a certain way and just because you are a nerdy tech dude doesn’t also mean you’re not a gangster.
Edit:
Reminds me a lot of the lives of people in this saga:
> We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud.
According to the court documents his crimes extended into “real life” as well, with intentional damage to his former employer to shut down their operations.
I mean this is how the law enforcement part of the federal government uses its weight, Aaron Swartz's prosecutor-style to bully people.
Cannabis is harmless and a lot of people use it as medicine, even if they think of it as recreational. "Oh I need it to relax." Then its an anti-anxiety drug, not a 'party' drug. Limiting this is just cruelty and an easy 'win' for LE. Same with justifying the slaying of Philando Castile and others (he had pot, or pot in his system, thus a criminal undeserving of rights or due process).
Once the federal government is onto you with a case like this, all your money is gone. Either to lawyers or your bank accounts are frozen and things like that. Failing to make payments is a feature, not a bug, in this system. I'm not going to tell everyone here how to live, but its ideal to have money that's squirreled away in a place hard to be frozen because tomorrow this can be any of us. You host a vpn on a vpn somewhere? Use tor? Said the wrong opinion online? Heaven knows, but the hammer falls on a lot of people and there's no mercy to it.
Lines of credit, again, fits in with the above. People need to feed themselves, pay rent, pay lawyers, etc. I've never been accused of a crime but I've done a lot of legal stuff in my life with lawyers and such, and everything about this system is unbelievably slow and expensive. It isn't like Hollywood portrays it at all. The money needed here is more than more people can muster just to remotely get a fair trial or deal. Especially when a lot of charges against you are 'stacked' if not entirely dishonest on the assumption of 'well, we're going to court anyway or making a deal so better add some nonsense on top for negotiation.' I can't find the cite, but I've read that if you get a federal arrest, you're looking at $1m starting to begin. How many of us here have $1m they can access, and even if you do, is it accessible if the feds freeze your accounts on 'suspicion?'
Probation stuff, who knows, but he was already being sieged by LE, so who knows what is happening here. There's no shortage of probation horror stories like one's officer cancelling at the last minute or changing location, and other things to guarantee missing meetings. And eventually you can break a man entirely and he'll stop being functional, and he'll fail at a lot of basic things. The stress here can trigger extreme mental illness. I'm a fairly delicate person and if this happened to me, the stress would entirely break me. I'd fall into deep depression. So there's complexity with "he missed x appointment" and "he missed x payment," that's worth exploring.
The government telling you that you can't use a computer of any kind without a keylogger is insane and should be fought entirely. Computers are like paper nowadays. "Everything you write and do should be sent to LE" is unacceptable. Computers arent optional anymore. Everything we do is computer or app based. Also we dont know his motivation for making a private vm or using an iphone. Keeping valuable information about himself from LE for example or hiding a medical condition or heaven knows what else. This is why privacy and speech and rights between you and your counsel are so protected but "We get all your computers" sidesteps many of those protections.
Yes, he's a criminal but he doesn't deserve to be treated like this. These, and his past, are simple white-collar crimes, but he got the bully treatment.
Yes these are 'standard' because they maximally oppress working class people (note very wealthy people just buy themselves out of the above) with the thin veneer of legitimacy. The wealthy, capital owning class, etc if arrested like this just shrug this stuff off usually, and uses its connections and wealth to get ideal terms, but nobodies like this have no chance. The federal government conviction rate is over 90% not because of merit, but because of this kind of bullying and dishonesty and oppression. Imagine if we were discussing near any other nation with a 90+ percent conviction rate, you'd balk and know its corrupt, but we're the same in this regard.
I wish digital culture was more liberal-libertarian like it used to be, than the hard-right turn its made in the past 15+ years. LE does not need a 'devil's advocate.' The accused do. I dont care if liberalizing the above makes more criminals get away with. I'd rather this guy go free, even if he's super guilty, than accept the above as acceptable in our justice system. All this for what's essentially mostly-harmless white collar crime.
Not to mention the incredible violence here for a non-violent crime. Armed LE more or less besieged his home. I'm not sure why people knee-jerk to defending any of this. I hope a new liberal-libertarian movement emerges in tech because I feel like we've lost our way.
No. He wasn't convicted of a cannabis offense. He was convicted of a fairly grave computer fraud/abuse claim, and part of the contract of his early release from federal custody was a set of terms that included monitoring and sobriety. He allegedly violated those terms, and you stipulate those violations here. Like any parolee, he's being put back into custody.
Why is that added, there's an agenda there. Why does "sobriety" matter in a computer crime? This is oppression and this (plus the other conditions) simple set up people like this for a fall.
Not a fan of this kind of thing, and I think that weed should be legal, but don't forget that federally, it is still illegal, and "don't do illegal stuff while out on parole" at least has a pretty basic logic to it.
Booze is legal, and parole can limit your drinking. By law.
If you don't like the terms of parole, you are permitted to refuse it and remain incarcerated for your full sentence, at which point you are released and there are no parole restrictions at all. Parole is "you agree to behave and they release you early". And "behaving" is whatever they want it to mean.
I mean, he was also forbidden from opening up lines of credit (he was in the middle of negotiations with DOJ on making restitution to his victims), something that is perfectly legal and benign --- nonetheless, he was not allowed to do so as a condition of parole.
You forgot to mention that in the hearing linked on the Reddit post it is shown that he made a search about a pedophile association as well right before downloading Spice.
Okay, and? That ain't illegal, and in fact has many benign explanations (like “I just watched South Park and was curious about whether there really is a North American Man/Boy Love Association like in that one episode”).
This always happens though. Every time someone is thrown in a cage unjustly, the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation, whether it's details of the person's political or personality or, in this case, details of this (also seemingly unjust) probation violation.
Who cares if he smoked weed or installed a VM or evaded a government keylogger? Those are all really shitty reasons to put someone in a cage, whether it's couched as "probation terms" or not.
I'll steelman the unpopular position: I think sobriety is a reasonable condition of freedom for someone with psychiatric self-control issues, that have lead them to commit felonies in the past.
Vandalizing your employer's infrastructure over a grudge is, I suggest, strong evidence of a major impulse control issue. It think it makes sense and is in the public interest, draconian as it is, that this person shouldn't be allowed to get high and have unmonitored internet access. The same place they've committed felonies before, on impulse.
Further context: his own defense lawyer filed a motion asking a court to find this guy mentally incompetent to stand trial,
> I think sobriety is a reasonable condition of freedom for someone with psychiatric self-control issues, that have lead them to commit felonies in the past.
Were he high on weed, maybe he'd not commit the felony in the first place. Yeah, banning him from alcohol is fine, from stimulants broadly - also OK, but weed? Honestly? How often, statistically speaking, does smoking weed make a person aggressive? While this person may be an outlier, without precise information on it, I'd say the ban on weed is as sensible as a ban on butter or relanium. If it doesn't serve any obvious purpose (like with alcohol: being drunk makes you do stupid things more often), then maybe it's really just a way of harassing this person?
Weed for normal people isn't a big deal, but weed for people on the cusp of mental illness or even just mental unwellness can exacerbate whatever issue they are facing.
Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak. I say this as a person who prefers weed to alcohol 100x.
> Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak.
That's pretty minimizing of alcohol's contribution to violent acts (bar fights, escalating disagreements at supermarkets/etc, domestic violence) as well as vehicle collisions.
> the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation
Isn't the reddit post doing the same thing by trying to imply he was jailed for running a TOR node when he was officially jailed for breaking parole terms? Even if they think those were just excuse to jail him, the refusal to acknowledge those details makes the account at least deceptive.
Well yes, I do agree with this. I wish people were more up front in these situations. But it's not easy because the waters are so muddied. But yeah, you're absolutely right (typing that phrase now makes me feel like an LLM).
I've helped people released onto parole for years. It's tough. The terms might seem easy, but often aren't in practice. Most people have a history of addiction and/or mental illness and suddenly they are thrown into a world where everything is available for a price, and any medical help they were given is suddenly taken away and the life where everything was done for them (food cooked, clothes washed) is gone.
The majority are returned to prison within days/weeks/months of release.
Parole terms aren't usually up for negotiation. It's generally parole or stay in prison. You can agree to the terms offered, but it's a coercive agreement, so I wouldn't put much weight on the parolees agreement. That said, I agree the terms seem reasonable.
But even if you stay in prison for your full term, you're likely to have supervised release which has similar terms.
I'm reasonably anti-carcerial, but he did actually commit a crime, and one of the conditions of release from that crime was agreeing not to do those things - that's what probation means - an agreement he promptly broke.
There has to be some penalty for noncompliance or you get more of it.
He used encrypted services to commit a bunch of crimes. He was then released on the condition that he would no longer use the encrypted services that he used to commit the crimes with. He then lied and used those encrypted services anyway. It's really that simple.
I am absolutely NOT a fan of "tough on crime" type stuff. By and large I feel the US criminal justice system is an inhumane cruel monstrosity. But the conditions were not all that unreasonable (except the weed stuff) and all of this smells of bad faith on the part of this couple.
Summary: He was logged doing a search for the "North American Man/Boy Love Association", and then after downloaded some kind of VM access/TOR software the logging ended.
I'm surprised this isn't mentioned much here, there's a lot of reddit comments that picked up on this and the OP (self-identified as the wife) isn't replying to any, only the ones that fit her story.
The OP here also downplays a lot of what the husband did. He was on probation from DDOSing and then physically damaging company equipment after he was fired. Then on probation from that he smoked weed, ghosted his probation officer, broke the terms.
It's very important to get the official source on this one. Husband was legally restricted and being monitored by the FBI, so he decided to go install a VM to bypass the monitoring. It's not so much bravery against authority as it is hubris that got him 3 years.
Yeah, that is a significantly more damning then what was given by his wife on Reddit. While SPICE is a normal means to interact with VMs, the defense couldn't offer any legitimate reason for him to be using one. They didn't even make an attempt to. They only established that the monitoring company couldn't say for certain that it was used explicitly to bypass the monitoring.
Also that it occurred right after the search mentioned on Page 28. It's a really bad look.
Since it seems to have been glossed over in the court transcript, can anyone explain how exactly a VM or client for remote VM could be used to bypass the monitoring?
Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?
A VM would bypass monitoring software installed on devices the person uses. A VPN would obscure their traffic such that it is encrypted and not easily monitored. Even something like SSH is encrypted and not straight-forward to monitor, so a VPN isn't required to do this anyway.
A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.
User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access
^ Monitoring is here, but may not capture the rest of the chain
Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.
There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.
> A VM would bypass monitoring software installed on devices the person uses.
Not really, no: a VM is just another userspace application and a monitoring software should be able to capture its traffic just fine. If he was also using a VPN, tor or conneting to a remote machine that's another story, but only saying he was using a VM doesn't really mean much.
Monitoring software installed at the OS level can monitor both traffic and what applications generate it. But if the traffic is coming from a VM, it can only do the former.
The article provides a good foundation for opposing arguments.
Excerpting:
> The researchers wanted to find a way to do the seemingly impossible — to give the military the benefits of a global, high-speed communications network without exposing them to the vulnerabilities of the metadata that the network relied on to operate.
> ...
> There are other implications, as well. For a CIA agent to use Tor without suspicion in non-U.S. nations, for example, there would need to be plenty of citizens in these nations using Tor for everyday internet browsing. Similarly, if the only users in a particular country are whistleblowers, civil rights activists and protesters, the government may well simply arrest anyone connecting to your anonymity network. As a result, an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
> ...
> Anonymity loves company — so Tor needed to be sold to the general public. That necessity led to an unlikely alliance between cypherpunks and the U.S. Navy.
> The NRL researchers behind Onion routing knew it wouldn’t work unless everyday people used it, so they reached out to the cypherpunks and invited them into conversations about design and strategy to reach the masses.
To those who say TOR, VPN, Signal, GrapheneOS or <replace with any privacy tool> is dead, we should use more of them not less. Today privacy became crime because the tech crowd (including many in HN community) ignored slow eradication of our fundamental freedom by evil companies like Apple (Yes, Apple. Don't forget they worked with NSA.) and Google. If crowd like HN is seduced by new AI enhanced, costly and locked phones, then how can a regular citizen understand freedom or privacy?
Freedom is being taken away by govt, because we are making choices that surrender it.
Every government agency works this way to the extent that they are able to.
Your local building commissioner or whatever just has a lot less money and muscle on tap and much more circuitous access to court judgements in their favor than the FBI does. Differences in their strategic and tactical approach is a reflection of this.
people talk a lot about how much they're against punching down, but I don't actually see that many people itching to take on Dwayne Johnson. The fact is for humans and organizations who are punching, punching down is generally their preferred method.
I didn't say there are no people who ever punch up, but nowhere near as many people who talk about it, most people punch down when they're in a punching mood.
Law enforcement is the US is trained to use (often rapidly) increasing force to compel compliance. They are trained that this is the only way to keep themselves and partners safe.
The problem with the CFAA is that it is so (IMO unconstitutionally) broad it is feasible that _every American_ has arguably violated it in some way, completely accidentally.
Thus, every time we see a CFAA charge we have to ask ourselves: "Is this an abuse of power?".
There are a lot of bogus CFAA cases but it seems like this one is within the boundaries of reasonable law enforcement if the description posted above [0] is accurate.
The quick summary is (reddit) OP's husband was fired from a job and used old unrevoked access to crash their servers, was briefly contracted to fix it before the company found out they were the source of the crash and terminated them again, then after all that he then gained access to their DR facilities and physically damaged a number of servers.
If that's true it seems like a pretty cut and dry CFAA case (with some extra normal crime on top to boot) and the main issue to take with it is the FBI using it as leverage to get him to compromise his TOR node.
I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration. I've had a five years probation in the past for what the FBI argued that I "hacked" some company from changing the URL in specific ways, not to mention the "clear hacking tools" I had installed in my computer, e.g CCleaner. You know something is wrong when you literally have 98% chance of losing in court against the FBI. They are corrupt and incompetent.
> I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration
One the first comments on reddit was actually:
> … in trump's america lmao
Someone had to awkwardly point out it was biden’s america. Which makes it easier and saves keystrokes: it’s just “america, lmao”. Then other countries can be even worse so it’s “lmao”. And soon enough they are just laughing their asses off while the person is stuck in jail.
> "clear hacking tools" I had installed in my computer, e.g CCleaner
I have always wondered if they are primarily that stupid or just evil and pretending to be stupid. I am leaning towards evil.
> The wife’s description of the charges is not honest. See all of the other comments which revealed a much longer list of offenses he committed.
Yeah, good point. That happens sometimes. It's sad, people just see reddit as sort of a platform of gullible people. I was just pointing out reddit's reaction, mainly.
Then my other reply was in reply to GP's own story ("clear hacking tools" = CCleaner).
Based on the 2019 court transcript linked in the post, the reason for keeping him in jail during the pretrial are a lot more reasonable than how this is framed in his wife's post.
The FBI said he downloaded a client, here Spice, which can be used to access a VM and visited the tor project website to look into how he could download a Tor client. That happened in the 24h which followed him agreeing to electronic monitoring and voluntarily installing a spyware. They argue that he has the knowledge and mean to circumvent the monitoring he agreed to and his pattern of actions indicate he is likely to do so if left free. A huge part of the argument lies on him having agreed to voluntarily participate in his own monitoring. The CFAA charge seems to be sealed but I'm far from convinced it's a minor work related issue.
If you read the website, they keep firing their attorneys and pretending they are colluding with the government to keep him in jail. Parts of the description are frankly bizarre. It seems they are actually suffering for paranoia.
I know this won’t be popular to say, but “guilt by association” is a real thing.
Unfortunately, Tor carries a negative connotation tied to criminal activity.
And if you're operating (like this individual) something that is perceived to be criminal in nature, you're bound to be a target by law enforcement.
Note: I'm not stating whether or not what happened to this individual is right/wrong. But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
Guilt by association is much more a social construct, than a legal one.
The bar for legal consequences is expected to be much higher than mere association.
It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system. For that to no longer be considered the case, even in a casual conversation like this, is a devastating shift of the Overton window towards authoritarianism as the norm.
From my understanding, guilt by association is quite valid legally when it comes to Tor exit nodes, due to the fact that other people’s traffic appears as your traffic.
It may not literally be guilt by association, but they’re two parts of the same whole in this case, right or wrong.
Guilt by association: if a group of three approaches another in a confrontation, and one person punches another then would all three be seen as violent?
>Guilt by association is much more a social construct, than a legal one.
Turning this sentence up and down, and still fail to get what it tries to convey. Law is social construct per definition, isn’t it?
>It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system.
No? Like, at best it is just going to pretend to be so. Then it’s actually all ruled by ambitious sociopath manipulators that take The Prince as bedtime reading, either right from the start or as soon as they can unleash their master plan.
Can anyone point to any jurisdiction in the world which puts equal duties and rights with actual associated material/logistical means on every single citizen? If no, we might be free to conclude that justice and equality are words on frontispiece of the theater, not how the leviathan is planning to actually process.
All that said, not everyone is Aaron Schwartz. Even supposing it’s only to maintain the façade, institutions do also have to act against some criminal outside of their own ruling castes.
There's a big difference between being the user of something (Pixel/GrapheneOS, though I find these as weird comparisons given) and being an operator of something.
Operating an exit node is by definition you acting in the distribution of such activity (legal or not).
The source for that article was a single cop in a single country (Spain) making an off-handed comment. The way it’s been spun as a universal concept in Europe by all of the Android blogs is misleading.
Yes. I think that one comment was a flash in the pan about a particular moment in time from an officer involved in a very specific type of drug trafficking prosecutions.
The part that should really enrage you is the way people will selectively understand this based on whether they agree or disagree with the context.
If some electronics repair guy repairing vehicle ECUs in bulk who doesn't ask questions but has an inkling that they're gonna get used for emissions laws violations got rolled up on by the feds for refusing to go out of his way to help them out HN would find all sorts of ways to cheer and justify it.
>Pretty sure the questions start and end with “was it illegal”.
Disclaimer: I don't have any skin in this game or association with any government, any law enforcement agency, nor do I know the person discussed or (at least as far as I know) anyone who knows that person. And IANAL.
IIUC (and I may not), the guy was on probation[0], which is release from or in lieu of prison.
If someone is on probation, they are still under the authority of the (in this case Federal) judicial/prison authority which sentenced them.
It is (whether you think it's right or not) normal for restrictions to be placed upon those on probation, including random drug tests, restrictions on certain types of behavior (this is often related to the crime(s) for which they've been convicted).
Often, this also provides for warrantless searches and other privacy-invading stuff as part of the probation agreement. I'd note that (again, IIUC) that the convicted person must agree to the terms of probation or they will have to go to (or not be released from) prison to serve their (remaining) sentence.
Violation of the terms of probation (as is clearly defined in probation agreements) may result in imprisonment to complete the sentence imposed by the court after trial or (as it was in this case) a plea bargain.
I am unfamiliar with the case at hand, but sending someone to (or back to) prison for violating probation is the stick which (presumably) keeps people from re-offending and/or violating the terms of their probation, at least until they complete the term of probation.
As someone who works in this industry: we do ECU modification and repair and as such, have regular contact with the EPA. Our products all align with all required emissions regulation and testing, which is why we're allowed to continue selling them. If the EPA says jump, we ask how high.
I say this because this cultural vibe of government agencies kicking in your door for doing innocuous shit needs to die already, that is simply not how this happens. We get letters, we get calls, VERY occasionally we get visits and said visits are scheduled weeks, sometimes months in advance. We always cooperate and the relationship, therefore, is not adversarial.
Honestly we have way more fucking problems with huckster vendors trying to fuck us out of a few extra dollars on parts than anything to do with the big scary government.
While we're at it, fuck coal rollers with a cactus.
For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
If not that it would be some other niche, maybe some guy importing gray market power equipment to the chagrin of the branded dealers would be getting whacked. If not that then it's the amish farmers getting whacked over one of their many "in letter but not spirit" compliance measures.
Yeah, in every case the letters of the law are broad enough to nail these sorts of people but that's not an outcome the general public wants except for the occasional zealot on any given subject. And the equivalent enablers would be endorsing it just as you are now.
And at the end of the day your behavior (you plural) undermines the legitimacy of these institutions and the government they serve because these are outcomes that nobody wants, but single industry enforcement enough of a back burner issue that elections mostly don't get won and lost over them so the fire just keeps smoldering year after year (fed by our tax dollars, of course).
>As someone who works in this industry
Perfect illustrative example for one of HN's favorite quotes:
"It is difficult to get a man to understand something, when his salary depends on his not understanding it"
>Our products all align with all required emissions regulation...the relationship, therefore, is not adversarial.
You might as well compare a medium company with an encrypted file share service to some 1-man package maintainer for software that does the same. Who is law enforcement gonna try and abuse?
>While we're at it, fuck coal rollers with a cactus.
A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
'whacked' usually means killed. This guy was neither killed, nor jailed for 'running a tor node', but a bunch of more specifically bad, illegal shit that it would be misleading to describe this way.
The same way as describing destroying a bunch of an ex-employers data on-site causing thousands in loss is not a "workplace dispute".
> these are outcomes that nobody wants
which outcomes? these are outcomes no-one wants, but you've yet to prove they happen. It takes a lot of time to properly go through case details to determine abuse, it seems like you are very casually throwing around accusations.
> You might as well compare...
Why? they comply with the law, why does that make them 'big'? I'm sure the FBI has plenty resources to go after them, in fact, they have more to lose.
The 'one man shop' needs to comply with the law, however big or small they are.
> Who is law enforcement gonna try and abuse?
abuse? this guy says no-onw is kicking his door down, have you proof it changes for smaller setups?
they go after whoever they think is breaking the law, and not complying (providing relevant licences, proof of testing) flags you for that. Are you suggesting the small guy should fly under the radar?
> For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
I am not defending at all the actions of the FBI. The FBI/CIA/NSA are overzealous law enforcement serving the will of colonial capitalism. Their history of targeting whistleblowers, activists, and technologists; like, for example, the guy running a Tor node; is well documented and deeply problematic. That same machinery has also been deployed against environmental activists, which makes the irony even more bitter that it's being cited here.
I'm defending the EPA, which in contrast, works with numerous industries, including ours, to benefit society as a whole.
The problem is this exact mindset where we insist that everything is on one massive slippery slope and there's simply no way to differentiate from proper, needed regulation, and the boot of law enforcement being deployed to fuck with the working class at scale.
We can tell the difference and it isn't difficult, it simply requires thinking which an unfortunate number of voters don't like doing.
> "It is difficult to get a man to understand something, when his salary depends on his not understanding it"
Completely backwards. There is a LOT of money to be made circumventing emissions regulations, which is why almost every OEM has been caught with their hands in that particular cookie jar, either fingernail or wrist deep.
We COST ourselves money locking up those features because we agree with the regulations in place.
> A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Reactionary movements have existed for every time the Government says don't do anything since time immemorial. There is ALWAYS reactionaries because there is ALWAYS a segment of the population that never matures past the age of ten. The fact that they occasionally have a point is nothing but statistical likelihood; if you constantly say "no" to everything, by sheer chance, you will occasionally say no to something bad.
Context plays a crucial role, especially within the Judeo-Christian tradition. So much so that it serves as a foundation for the design of the modern legal system.
>> But this should be a cautionary warning of what might also happen anyone if you associate with things that are perceived as criminal in nature.
Opioid painkillers are associated with “things that are criminal in nature” because a certain segment of every society does and will suck, nearly no matter what.
Does this mean that everybody in pain should just suffer and let their education, career, and family be taken from them before their time?
>But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
This would come off lot more legit if the current elected US president wasn't a convicted rapist and constantly promoting crypto along with his acolytes like Elon Musk.
Several years prior I had a coworker get arrested on CSAM charges because, you guessed it, he ran an Tor exit node.
Of course there was no reporting on the Tor aspect, just “local man arrested for CSAM” in the local papers. He eventually had the charges dropped after years of court battles, but his name is forever tarnished as a result.
This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest.
> This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest
Even from the early days of Tor I remember all of the warnings to not run an exit node in a country where internet activity was likely to lead to prosecution.
Running any sort of proxy (including Tor exit nodes) allows other people’s traffic to appear as your traffic. That’s the entire purpose of the software. You’d have to be willing and able to handle the consequences of any traffic any other person decides to send through the system.
If you run a Tor exit node, it is quite possible that you will end up downloading things on behalf of other people. CSAM carries strict liability charges.
Someone somehow downloaded the images in LAION 5B to do the actual training, and we know that thousands of these images contained illegal content.
Where's the strict liability? Everyone who ever downloaded and ran Stable Diffusion 1.5, or even Lora's from it, could in some way be held "strictly liable" for the fact that you are simply one prompt away...
Reminds me of a similar case against Dmitry Bogatov in Russia in 2017, it was a big deal back in the day (though of course times have drastically changed and now something like this wouldn't even appear in the news over there).
That's not the key precedent they are setting. They are working on a much more important case: Making the population understand that disobedience will result in punishment
There's plenty of laws they write that they know the population can't reasonably comply with and give the government discretionary power to screw people. And then there's more laws that just give the government enforcement arm discretionary power to choose whether the law is applicable or exercise unilateral judgement regarding whether compliance is satisfactory.
Your local zoning code is probably chock full of them. And if not there then your local stormwater/runoff rules probably have a bunch of examples too.
Federal stuff is much more highly litigated so you don't see as much of it there. State is a middle ground.
I certainly sympathise, but actually don't find it at all surprising.
Tor is totally used for criminal activity. That doesn't mean it is inherently a bad thing, or that it is this guy's fault, but he can't completely wash his hands off it. If bad guys use the postal service, it's not the postman's fault, but he has to cooperate with law enforcement if they demand that.
I don't know about the US, but contempt of court is a thing in the UK at least. You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
Now, I get that this is the US so the arrest was dialled up to 11 and it seems all of this is extra-judicial - no court warrant etc. This is all very disappointing. But, to my non-expert eye running a Tor exit node is in the legal grey zone, and I guess you can't be too surprised when things like this happen.
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
This is a bit more complex in the US. We have the fifth amendment to our Constitution which says "nor shall [a person] be compelled in any criminal case to be a witness against himself."
So, we can't be made to testify against ourselves. This has sometimes been interpreted to mean that they can't compel cryptography keys that are stored in our brains, and sometimes has been interpreted the other way.
I'm unaware of any definitive decision that applies universally. I've heard some suggest that passphrases that are themselves an admission of crime are a workaround that ensures you can't be compelled to provide them.
Why would breaking the privacy of Tor users be self-incriminating? If anything, surely it's the evidence of innocence - whatever unsavoury websites were visited via the Tor node were Tor users, not this guy.
The obligation to provide evidence of self- innocence is equivalent to the obligation to provide evidence of self- guilt. Doesn't one follow logically from the other?
Not really. Protecting by law ones right to withhold information that would incriminate them is one thing. But the incarcerated guy doesn't seem to claim there's anything incriminating him in these files. He simply stated he doesn't want to share it with the cops.
My understanding is, it's not like the FBI got a warrant for this etc, and instead started flinging shit at him - which is clearly bad. But for this narrow argument, that's besides the point, IMHO (IANAL). Because in the first place, the guy simply didn't want to share this information with law enforcement. There is no claim that it incriminates him.
How that stacks up against actual US case law, I have no idea of course, but I don't see how it follows from the right to not self-incriminate.
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head
Out of curiosity, how does this work? If I claim I don't remember a particular password that I (provably) didn't enter for the past X months, how does the court force me to recall it? With an $8 wrench? Wouldn't that be cruel (if not unusual) punishment?
UK law runs on the "reasonable" adjective. The court would ask itself if it is "reasonable" in their own opinion that you don't have the info.
Typically it's applied to cases where the information is clearly available, like a drug dealer not remembering his daily driver laptop password, or refusing biometrics unlock. Not, we found this thumb drive within a mile of your house, decrypt it or else.
But of course the standard of "reasonableness" is murky, and you'll find plenty of cases that revolve on such contested judgment.
Idk the punishment just doesn't match the crime. Can't they just confiscate the computer? Or pressure the ISP to cancel his account? Tbh I get that the Feds are going route around and through anything that stands in their way.
Conveniently left out from the wife's story is the husband's corporate sabotage, FBI monitoring circumvention, CSAM searches and many parole violations.
In the U.S. and much of the rest of the civilized world, you have rights. This includes the right to not self-incriminate (in the U.S. that's the 5th amendment). In general, except for very specific and limited circumstances, U.S. state and federal government actors cannot compel speech (telling your encryption keys is compelled speech).
The U.K. is fast sliding down the slope to being a dystopian police state. The idea that you can be jailed for refusing to provide encryption keys (except for really specific, narrowly-defined circumstances) is something that should induce nausea. I feel for you and your country, you accomplished such great things.
I just saw that president Trump is thinking about prescribing 'Antifa' as a terrorist organisation and saying that he's 'not sure' their 1st amendment rights should apply.
I'd be a little more concerned about the state of US at this point.
As evidenced by recent developments, smaller government these days seems to mean less controls for businesses and the government but many more controls on citizens.
I know very little about cybersecurity, but my understand of TOR is that a node host wouldn't be able to offer much about the traffic coming across their server(s). The packages are encrypted and there is no entry or destination info, so he may be able to say how much traffic was coming across, but what else could he possibly know? Info on other nodes?
the Bureau can't see the traffic but they have keyloggers on all of his systems. He tried bypassing them with Spice but failed and otherwise got logged getting onto Tor and searching for dubious things
This is just extremely one sided. He intentionally sabotaged his ex employers computer systems, was hired to fix them, was caught as the original cause of the problem, fired again, then used a back door to take down their systems again. He plead guilty to this in 2014.
He was on probation and required to use monitoring software as a condition of being let out of jail early, he had a secret iphone he used to access the internet that was not monitored, so his probation was revoked. He wasn't arrested again, his probation was revoked.
The wife's account focuses on a ton of irrelevant details, the above is sufficient to explain the entire situation.
Since when did private monitoring on private property become de facto right for government to surveil? That is like saying if you have a car or computer the govt has a right to use it when they want to.
Oh boy, wait until Palantir makes a unified database of everyone, they won't even need to have a previous offense, they can make one based on all the collected information or even based on your behaviors. Great times ahead!
>> wait until Palantir makes a unified database of everyone, they won't even need to have a previous offense, they can make one based on all the collected information or even based on your behaviors.
Well, I hear that if you make being gay a crime again, you cut off the head of palantir.
Running a Tor exit node in the US is very risky for obvious reasons, and if doing so, it's just a matter of time before the operator gets to see the unfriendly side of the feds. Heck, even running a torrent node serving copyrighted movies/shows/music is too risky in the US. If you want to do these things while having a sane life, at least host them abroad, and anonymously.
Taking OP at her word, this is a horrific tale of extra-judicial abuse of an individual for refusing to cooperate with the DoJ on a matter of digital privacy. The OP wants story amplification, but to what end? The DoJ, controlled by Trump and Pam Bondi, probably think this person is getting away lightly with only a severe head wound and a comfy 3-year stay in county jail. A trial isn't necessary cops know who's bad, after all. There is already so much outrage directed at them about many other, larger scale issues, that they not only don't bend to but seem to actively feed off of it. I'm sorry to sound so hopeless, but no, there is no hope that someone elected specifically for his lack of empathy, lack of respect for rule-of-law and lack of self-restraint would ever be swayed by this story, no matter how much it is amplified. Your best bet is to fabricate a story that your husband is a fervent Trump supporter being unfairly targeted by rogue, Biden-loving elements of the FBI and an Obama appointed district judge.
We voted for this, the time to fix the problem was last November, and now we have to live with the results. It's also why I, and anyone else who values their freedom, their career, their family, needs to post such sentiment anonymously. It is NOT safe to criticize this administration.
I understand where you are coming from but I think that it is not always helpful to place everything on one administration. Calls for unity and a strengthening of the rule of law are what matter. Trump will be in for 4 years whether you like it or not, the long term protection of the rule of law should be highest priority and this case shows how it has been eroded over the last few years.
Both sides do this: the last administration had tech giants censor anyone that that promoted the lab leak theory, or any alternative to treatment other that the new vaccines. Parents interested in managing their child's exposure to sexually related material were put on watch lists.
It's not one side or the other - any group with authority has to be watched closely and rebuked when they try to expand their power.
> [Supreme Court Justice Amy Coney] Barrett ruled that for the CFAA, a person violates the "exceeds authorized access" language when they access files or other information that is off-limits to them on a computer system that they otherwise have authorized access to. The majority opinion distinguished this from Van Buren's case, in that the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime.
This still does criminalize logging into your mom’s Netflix account, probably (?), but at least browsing HN on your work computer not covered anymore.
If you steal your mom’s password without consent and she argues that you accessed information on the account that you were not authorized to see, maybe.
However the quote on its own is not necessarily true without further qualifications as mentioned above.
> However the quote on its own is not necessarily true without further qualifications as mentioned above.
It's absolutely true, you're accessing an unauthorized account. All law enforcement need to do is ask you, did you access an electronic account that was not yours ?
Some of the CFAA has been dialed back by the courts, but CFAA is a federal level offense. The scarier ones exist at the state level, e.g. Illinois specifically criminalizes violating the terms and conditions of a web site.
3 years of pretrial detention for anything less than blowing up a building should be enough to enrage anyone. Even then, the legal system would be a failure.
How is 3 years pretrial not blatantly unconstitutional and thrown out immediately?
New Yorkers spend an average of 10 months in pretrial detention. This kind of abuse is routine in the American system, and by and large Americans want it that way for their usual reasons about "crime".
I've known dozens of people in pretrial for a decade or more, it's not uncommon. Some are acquitted, most plead out or are found guilty of something at trial.
Under US law, pretrial detention is not prison. You are technically not being "punished" even though generally the conditions in pretrial are vastly worse than in prisons. (I did a deposition with a jail warden once and asked him why this was: "Because these facilities are designed for the average stay, which is 30 days if you run the numbers. Sure there are people here for a decade, but most people pay their bail within 24 hours.")
Technically most states have pretty short Speedy Trial statutes which require the gov to try you within several months of arrest. This almost universally doesn't happen because the defendants don't have all the information necessary for their defense, and because they want to run motions to try and quash any existing evidence.
Ah, you must be new here. All kidding aside, the "Global War on Terror" was the impetus for all of the surveillance and associated persecution of innocents without due process. Always disappointed, never surprised.
And the Global War on Terror wasn't even the first American War on Due Process. Remember the War on Drugs? It is mostly forgotten but the civil forfeiture remains as its legacy.
Interesting, Trump administration pardoned Ross William Ulbricht who run drug dealing business specifically because it was done behind Tor using cryptocurrency. So this was a one off?
This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
I have no idea what this person was up to but this selective treatment(if true) smells very bad. IIRC behind the release of Ross there was some libertarian NGO or something, maybe contact them?
> This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
This didn't work out for SBF, but you can clearly see this process being set up for other people.
That was the National Libertarian Party and the party chair was forced to resign in disgrace shortly after, due to accusations of kickbacks and embezzlement.
The pardon was specifically a campaign promise to libertarians, and likely little more than that.
Even if this Administration is friendly to Tor (which I doubt), the FBI is a very large organization and installing a new head doesn't magically make current caseload at the agent level go away. There are still Biden-era and even Trump v1 era investigations likely still open and active there.
> Interesting, Trump administration pardoned Ross William Ulbricht who run drug dealing business specifically because it was done behind Tor using cryptocurrency. So this was a one off?
Didn't Ulbricht get pardoned for being a hero of the cryptocurrency-bros, as kind of a deal to get support from the Libertarians in the election? I think he was a one-off, or at least part of a small category that doesn't extend to cryptography and privacy idealists.
> Months later, the government arrested him. Their official reason? A minor, non-violent CFAA charge from an old workplace dispute that had nothing to do with Tor.
This is exactly the argument for privacy to people who say "I have nothing to hide". Authoritative governments will always find a reason to dig something up and the less privacy you have the easier it will be.
As a side note it sickening to see USA government doing this arrest straight out of gestapo/kgb playbook.
>The state does what it wants and in the end it doesn;t even need an excuse.
It doesn't need an excuse because people let it not need an excuse.
Every idiot, even on HN, heck, particularly on HN and other places where demographic factors result most never having been the target of government or think that they would be, is perfectly fine with it when the government behaves this way in pursuit of things they agree with. And so the only people complaining about any one government abuse are the small minority that care all the time plus whatever group care about the specific issue.
If people would stop being two faced snakes and have some principals and stand by them the problem would decrease on its own. But that's like saying "just go as fast as light", it's not a tractable problem.
> This is exactly the argument for privacy to people who say "I have nothing to hide"
People who say this will not be swayed by any argument. What they are really saying is "I don't want to think about this".
There's a truth I've come to accept in recent times: The vast majority of people are not able to extrapolate from their immediate personal situation. If they are not effected by something right now in a way they personally feel, they do not and will never care.
Once you accept that fact, so many things make so much more sense in this world. The whole MAGA movement explains itself, the complete disregard of climate change or even local environmental issues make sense and the complete ignorance of privacy issues. The only way to sway these people is when they are personally affected. So consider this Truth the next time you find out a service has been collecting private information in an unsecured S3 Bucket.
Federal cases are generally at least partially unsealed once the defendant is arrested. Especially since the charge is supposedly workplace related not terrorism etc, then someone should be able to pull the case in PACER and at least find out the basic details.
It looks more like he got injured when tackled, but the one guy blocking the camera with his body really makes it hard to tell if they're putting work in or just holding him down. Knowing cops, probably a bit of both.
Indeed, these past few years have really recontextualized The Handmaid's Tale for me from an alternative history fantasy to an almost run of the mill "20 minutes into the future" fiction.
Atwood didn’t write it as a possible dystopian future. Every facet of the story takes place somewhere in the world right now. She has pointed this out herself on social media.
I'm not sure this has anything to do with the current president. This type of cowboy judge shit has been happening for decades, we just rarely hear about it.
I left the US 10 years ago when Obama was still president. It's been obvious to me that we've been in decline for decades. The state of the US is not surprising to me. It is however still shocking and sad to see.
You clearly never seen police dashcam videos in the US. Besides the corruption and stops for "hunt missions", a lot of times it's simply because you shattered their ego, even with a simple laugh: https://youtube.com/watch?v=NqJdt9_1XSw
I think you are being sarcastic, but in case you weren't, in 2014 60% of adults in the US owned a smartphone, so my point stands. Videos of police misconduct were already widespread before that. Someone took video of the killing of Eric Garner, etc.
For whatever it's worth, the Reddit story here says that the federal courts used "fraudulent warrants to jail my husband again". Maybe! The other side of that story, via PACER, is a detailed parole violation warrant (you can hear the marshal refer to it in the video); the violations in that warrant:
1. Admitting to using cannabis during supervised release
2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.
3. Falling out of contact with his probation officer, who attempted home visits to find him.
4. Opening several new lines of credit.
5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).
These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.
OK, I think I found the original thing Rockenhaus was convicted of.
Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.
(He plead this case out, so these are I guess uncontested claims).
>He plead this case out, so these are I guess uncontested claims
In a technical sense, this may be true as part of the plea agreement.
In reality, a lot of plea deals are made because of various factors, which unfortunately is often not that the person accused is guilty, rather the risk of going to trial or especially the cost of going to trial is too large.
I feel the need to point this out as too many folks look at “accepted plea deal” to mean that the person accepting is the guilty party when it can be more complicated than that in reality even if technically by judicial process they are by accepting that considered guilty.
That said, in this particular case, the hard evidence suggests that indeed, the person accused committed the crimes they pleaded out for
If all of that is true, then that is a very serious CFAA charge. It makes sense that they would want to downplay it as "minor" and "not relevant". It sounds like the parole violations came later? In any case, thank you for researching. There is always more to the story.
Weev 'violated' the CFAA for incrementing a GET request, with his overturned conviction only for wrong jurisdiction. So the government has put us in a position where it's hard to take the CFAA seriously.
We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
As you probably know, it's everything that happened after they incremented that HTTP request that formed the basis for his charges. Message board discussions tend to want to distill "hacking" CFAA cases down to the specific shell script that ran, but these cases are almost always heavily situational and fact dependent.
Interestingly, Rockenhaus's isn't --- it's more or less exactly the circumstance foreseen by the authors of CFAA, who believed that even though existing law covered most hacking-type scenarios, they didn't form a clear basis for felony charges for purely destructive computer abuse.
This case has far more than the CFAA violation, though. There were multiple parole violations after the first incident, multiple attempts to evade the parole restrictions on Internet use, discovery of a pedophilia relate search query on his computer, a history of intentional damage to a company’s infrastructure to disrupt their operations, and more.
Being angry at the CFAA is one thing, but this case has no relation to modifying a simple GET request.
> We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
Could you give some examples of this?
Yes, https://www.courtlistener.com/docket/63291773/united-states-....
Navy sailor was convicted of possessing machine guns and destructive devices.
The ATF for example put back together de-milled RPGs, which could be a destructive device
However the statute says the following:
The ATF took his demilled RPG, put another gun (owned by the ATF) inside of it, then fired it to prove it had a bore over 0.5 inch capable of expelling projectile.But the state didn't tell him under what definition he was charged, so they didn't know if they were defending against the collection of parts the ATF took (falls under 3), or against the weapon the ATF claimed it was after they put the parts together (which falls under 2).
The normal answer to this is to request a bill of particulars, which was not requested here (afaict from the docket).
I think there is some slightly down-in-the-weeds confusion here - what does an indictment require vs ...
I think they screwed this up at trial and then tried to argue the indictment was insufficient, but i doubt they will get any appeals court to bite on this.
I posted it elsewhere, but you can listen to the oral argument of the appeal here:
https://www.ca4.uscourts.gov/OAarchive/mp3/23-4451-20250912....
It is a very accessible argument (in the sense of not need legal knowledge to usefully process it).
You can hear the judges sort of struggle to understand how this is an indicment opportunity, but really do seem to be trying to understand. They give counsel an opportunity to try to distinguish and explain things. Att around 10 minutes, one of the judges asks counsel for the bset case he has that says he's right, and he can't come up with one at all.
Which is probably the point at which he lost this appeal. :)
As i said elsehwere, i don't blame the lawyer - this seems like it woudl be a very hard case to win because of choices made at the level below. They are essentially arguing things they know will lose because nobody objected to things they should have at the level below.
Thanks for the reference! For the convenience of anyone else reading, the appeals docket is at https://www.courtlistener.com/docket/67566242/united-states-.... Note that there are two appeals briefs; it seems the defendant replaced their attorney at some point during the appeals process.
For what it's worth, I think this is the government's response to the argument you raise (on page 22 of the response brief, PDF page 30):
> Section 5845, captioned “[d]efinitions,” is a definitional provision, not a criminal prohibition. As relevant here, § 5845(b) defines the term “machinegun,” and § 5845(f) defines the term “destructive device.” These definitions do not create additional elements of the offenses charged under §§ 5861(d) and 922(o). Therefore, the government was not required to charge the applicable definition(s) in the indictment. See, e.g., Robbins, 476 F.2d at 30 (holding that an indictment under § 5861(d) need not refer to the definitions in § 5845 to “fairly notify a defendant of the charge against him”); United States v. Hoover, 635 F. Supp. 3d 1305, 1316 (M.D. Fla. 2022) (rejecting the argument that the government “was required to plead the specific facts supporting its contention that the [firearms] at issue fall within the definition of a machinegun”); cf. United States v. Pennington, 168 F.3d 1060, 1065 (8th Cir. 1999) (“The indictment’s failure to cite [18 U.S.C.] § 1346, a definitional provision, and to use its specific term, ‘honest’ services, does not mean no crime was charged.”).
And defendant's response, page 5:
> The question is whether the indictment “fully, directly, and expressly, without any uncertainty or ambiguity, set forth all the elements necessary to constitute the offence intended to be punished” and whether the indictment complied “with the necessity of alleging in the indictment all the facts necessary to bring the case” within the intent of the statute. United States v. Carll, 105 U.S. 611 (1881) (emphasis added). The government’s failure to give any specificity in the indictment cannot be remedied by wriggling as to whether the missing information can be considered an “element” or not. Even if the government were correct that the particular definition (or definitions) the prosecution is proceeding under does not change “elements,” it changes the “facts” underlying the scope of the statute.
I have no idea who is correct legally, and since oral arguments appear to have been held a few days ago I suppose I'll have to wait to see who is right.
The appeals court did not seem very impressed.
The oral argument is here: https://www.ca4.uscourts.gov/OAarchive/mp3/23-4451-20250912....
The first question they asked is "why didn't you ask for a bill of particulars?".
Overall, they seemed very confused as to the argument made here - why is the indictment actually insufficient, and what words did you want them to use instead.
I don't think this will be a successful appeal at all - they seem to all agree this is not stuff that goes in an indictment, and to the degree that there was ambiguity, the correct answer was to request a bill of particulars.
At around 10 minutes, one of the judges asks counsel for the best case he has that says he's right, and he can't come up with one at all.
Which is probably the point at which he lost this appeal. :)
To be fair, i don't blame the lawyer, and i expect why the judges are being not too hard on him, is because he's doing his best to argue a losing case because of choices made at the district court level.
In this case you have the evidence of what he did and it does in fact look pretty serious.
> his overturned conviction only for wrong jurisdiction
What are you getting at?
If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
Yes there is, they can reargue the whole thing in another jurisdiction since he was never 'in jeopardy.'
Considering he was convicted in another jurisdiction, and they can retry him in the 'right' one, why wouldn't a reasonable person anticipate that might happen?
I don't think Weev is living in Ukraine/Transnistria to practice his Slavic languages.
And the reason why I brought up it was overturned, was because I knew someone would mention his case was vacated, and I wanted to make clear it wasn't vacated because there was something improper found about the legal question of the CFAA.
They could start over in the correct jurisdiction. Yes. The case that was being appealed is gone. Gone.
I think that the type of person that excels at software development would also excel at lawyering. But they should probably go to law school and pay attention in class.
> > his overturned conviction only for wrong jurisdiction
> What are you getting at?
> If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
I think your parent comment meant something like "the case wasn't overturned on the basis of deficiencies in the legal theory of the crime."
Generally this is a good thing to happen, because it's fairly quick and easy to argue you're in the wrong jurisdiction... and if that's the case, it doesn't matter what the legal theory was, since the court couldn't convict you anyway.
Perhaps selfishly, I'd rather get out of a trial in the motion to dismiss stage, rather than having to very-expensively argue the merits all the way to the end.
"jurisdiction" literally means "the power to say what the law is"
If the court had no jurisdiction, it is not possible for them to rule on "deficiencies in the legal theory of the crime" in that case.
If it’s in the wrong jurisdiction, the court doesn’t get to the point where they look at the legal theory.
Right. I think your parent comment was pointing out that it's not that the legal theory failed, but that it was never tested, and so might (or might not) still be sound.
What does "incrementing a GET request" mean?
As an example: Take a look at the URL of this page (https://news.ycombinator.com/item?id=45261163). Add 1 to that ID value (45261164) in your address bar. Hit Enter, your browser will GET whatever exists at the next ID.
Ok, that makes sense but why is this so serious? Is this a grave crime in some context?
Because people think they are clever and are trying to separate the act from the intent.
Unlocked doors, open windows, any lack of security doesn't give you permission to enter. Just as "incrementing a GET request" doesn't mean anything outside of the intent.
The intent was to do damage.
It's not about the actual HTTP request. Per se unauthorized access is just one predicate in these kinds of cases. It's about what the prosecutors claim you were doing when you made the access.
He incremented a number in the query string of a get request
https://www.w3schools.com/tags/ref_httpmethods.asp
Okay but what information did he obtain by doing that? If I break into a mistakenly locked police station, surely I cannot use the excuse "I was simply turning a door knob"
The CFAA isn't super complicated. It basically boils down to:
Don't fuck with other people's shit if they don't want you to.
The CFAA is in fact pretty complicated. The text of the law isn't, but the implications of that text are, and so is the jurisprudence. Rockenhaus's CFAA case does not appear to have been at all complicated, though.
Are you a lawyer by chance?
I seem to remember cases or interpretations of the CFAA in which even guessing the username password combo of "admin:admin" would violate the act, resulting in teenagers or children being caught up in cYbEr FrAuD
It doesn't matter if you brute forced their crappy login with commonly-used credentials. You think it's OK for someone to rummage around in your garage just because they correctly guessed your keycode was 12345? Of course not.
Doesn't this posture also criminalize white-hat hackers, whose disclosures would protect you from the people who actually want to do damage?
> Doesn't this posture also criminalize white-hat hackers, whose disclosures would protect you from the people who actually want to do damage?
There is no law for "white-hat hackers". You don't get to break into a system because the color of your hat.
"White-hat hackers" have contracts, or very specific rules of engagement. Having run many a bug bounty, if someone was malicious, we would absolutely work to prosecute.
You can also find bugs in software freely, as long as you don't obtain unauthorized access to other people's systems.
This isn't true: there is, jurisdictionally dependent and I think also dependent on DOJ norms, a broad exception for good-faith white hat vulnerability research that would otherwise violate CFAA. Like I said, CFAA is very complicated in practice.
(I don't know enough about the CFAA to know whether this is true so I'll assume it is.)
To continue the garage door analogy, you wouldn't walk up to any random garage door and try code 12345 to help protect the owner's stuff, would you?
To stick with this analogy: I think a white hat equivalent would be more like driving down the street with a garage door remote set to a default code and then notifying anyone whose door opens in response that they should change their code. I don't think that should be illegal.
You think walking through an unlocked door should result in federal charges?
Walking through an unlocked door that has a sign "private property, do not enter", searching for sensitive information, finding it and exposing it surely could.
Or not, depending on how the party who owns what's inside that door feels. But if it feels he should be prosecuted, then hell yes, the state should do that. My 2c.
So what about using rakes or bump keys? Very low tech, very easy. Can defeat some poor quality locks.
So now the door is unlocked?? Where are the goal posts?
Don't mess with people's stuff if they don't want you to. This seems very simple to me. But I'm aware that you're trying to find some fringy gray area where you think it will be OK to mess with people's stuff even though they don't want you to.
I'm more focused on the assertion that "The CFAA isn't super complicated."
Which raises sincere doubts about the commenter's credibility to make such a claim.
How does „you’re not allowed to guess credentials“ mean it’s complicated?
I think that's a massive oversimplification of how the CFAA has been applied.
If those teenagers or children enter someone's house and vandalize or steal because the door (or window) isn't locked, is it no big deal?
Breaking in in a system, whether or not the password was easy to guess, sounds like a crime to me.
It is a crime!
But CFAA charges should, and this is the issue a lot of people have with them afaict, have a sliding scale for premeditation though.
If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
A lot of the CFAA excesses are maximum penalties from the CFAA being thrown at people using minimally sophisticated / premeditated methods, in addition to charges about the underlying crime.
That doesn't seem just or fair.
In practice it's turned into an if(computer){increase maximum penalty} clause, solely at the government's discretion.
>If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
Why? (I'm not a lawyer...) - shouldn't intent and harm (i.e. the value of the stolen item) be the only relevant details? Now of course its much easier to demonstrate intent if there's a crowbar involved, but once that's already established, it seems irrelevant.
Because that's the way most method-specific laws work, at least in the US.
There's an underlying result crime (eg causing business harm by destroying a database), then the method by which one chose to do it (eg exceeding authorized access to a computer with the intent to cause harm).
The CFAA was originally passed under the erroneous worry that existing laws wouldn't be enforceable against cybercrime, which turned out to generally be false.
When you cause damage, there's almost always a law by which someone can sue you for those damages.
What there wasn't, and what the CFAA created, were extra penalties for computer crimes and an ability to charge people with computer crimes where there were no damages (eg Aaron Swartz).
And why should those things need to exist? Theft is theft. Destruction is destruction.
It was an underspecified law, ripe for prosecutor overreach. See: https://www.congress.gov/crs_external_products/R/HTML/R47557...
It fit with 'premeditated intent' intensifiers (where penalties escalate if premeditated intent can be proven)... but that wasn't actually how it was written or how it is used. Instead, it's a method-based checkbox that allows prosecutors to tack on additional charges / penalties. If a computer was used to destroy this thing, add X years the sentence.
You have a point. But on the other hand you have no idea of what tools the intruder possesses, only (at best!) what they used.
I think intent probably matters a lot more than the technicality of how you succeeded.
It does sound like a crime to me too. But was it a password or other credential that was guessed, or was it just some sequential primary key? The latter is not an authorization system, and I do not believe it a crime to do that unless you have specific knowledge that it is likely to cause damage and/or the intent to cause that damage.
As far as I am concerned, I am allowed to send any traffic I wish to public-facing hosts, and if they respond with content that the owners would not wish me to see, I have no responsibility to refrain. The only traffic I am not permitted to send are credentials I am not authorized to use (this would include password guessing, because if I manage to guess correctly, I was still not permitted to use it).
So which was it?
You are not allowed unauthorized access regardless of how the key works.
> I am allowed to send any traffic I wish to public-facing hosts
No you're not. Denial of service is a federal crime.
> I have no responsibility to refrain
Yes you do, and this is just beyond silly. The nuance of how you obtained it will be decided in a court. Stop making everything so reductionist and lazy.
> The only traffic I am not permitted to send are credentials I am not authorized to use
Absolutely not. Use of a vulnerability to cause a data breach is OBVIOUSLY a federal crime.
This is beyond absurd.
Maybe as far as you are concerned, but not as far as the law is concerned ;-)
Well, I guess it's a good thing for me that they're unable to notice or care and in general incompetent.
I am still permitted to do this. None of the details of this case give me the impression that they're using CFAA in such a way as to offend my sensibilities. Sounds like he sabotaged a former employer and caused hundreds of thousands in (tort not physical) damages. I guessed the urls for some issuu.com links that aren't available in search, and downloaded the page images to make a pdf. I was never prompted for a password. Arrest me, I'm a notorious hacker.
I mean... if someone walked into your house cause you only closed the screen door while running to the store quick you'd still call the cops cause there was someone breaking into your house lol.
Sure but I wouldn't expect that guy to get locked up on federal charges simply for being in the house without authorization.
Yep...
Shutting down the server (you solely maintained) before leaving would be "minor" to me... intentionally causing damage, earning money from that, getting caught, and again causing physical damage.. that's pretty "major" to me.
And yet fraudulent warrants, if they are indeed fraudulent, are still illegal and immoral and a violation of this criminal's rights.
As far as i can discern, the warrants aren't fraudulent.
Warrants (in the US anyway) require reasonable belief that the crimes listed were committed.
They don't have to be right, mind you (after all, that's what trial is for), they just need reasonable belief.
They also can't recklessly disregard the truth (IE deliberately write lies they know are wrong).
Again, it's okay for them to be wrong about their belief. It's just not okay to know they are wrong and write it anyway.
Here, reading the warrant, etc, there is nothing obviously fraudulent here.
Perhaps it is, of course, but i read everything i could find and it's completely non-obvious which part of the warrant is supposed to be fraudulent.
Even the sort of retaliation claim made here is strange - Arresting you when you appear to actually hvae broken the law is generally only considered retaliation if (among other things) the enforcement of the law is uneven - IE targeted at you and nobody else.
Given the arrest was for a parole violation and they arrest parole violations like this all the time, ....
Like if you are at a traffic stop becuase you ran a red light, call a cop an asshole, and they arrest you because you have 50kg of cocaine bricks in your back seat, it's not retaliation.
Retaliation would be if you call a cop an asshole on facebook, and they come arrest you for violation of an 1825 law that hasn't been used against anyone in 200 years.
Thanks. The overly aggressive arrest was not warranted, obviously.
However, I suspected there was a lot more to this story when the original post buried the actual reason for the arrest several paragraphs down and tried to dismiss it as “minor”. Intentionally damaging a company’s infrastructure with an intent to disrupt their operations is a very serious charge. Not a “minor” disagreement with a former employer.
Here's what the wife says about that[1], for the record:
> The Origins of a Retaliatory Prosecution (Texas, 2019-2022)
> Early 2019: Conrad Rockenhaus, a supporter of free speech, runs Tor exit nodes used by journalists and activists. Federal agents demand he assist them in decrypting traffic; he repeatedly refuses, asserting his constitutional rights.
> The Coerced Confession: The case against him began when he was forced to confess to a non-violent CFAA (computer crime) offense while under the influence of prescribed painkillers and not lucid following a major surgery.
> The Pretextual Arrest: Just months before the 5-year statute of limitations was set to expire, the federal government arrests Conrad on the CFAA charge. The family alleges this was a pretext for his refusal to cooperate on the Tor matter.
[1] https://rockenhaus.com/press-kit/
All that is as may be, but the CFAA charge here isn't pretextual; what he's alleged to have done is pretty serious by any standard. I have no trouble believing that the prosecution was motivated by Tor drama, but all that tells me is that the DOJ had real cards to play, and they played them.
My guess is that things would have gone substantially worse for this person had he taken that case to trial.
Having seen the system up close, I hesitate to draw conclusions from cases that don't go to trial. Doesn't really sound like they have the means to afford trial, or at least a chance at a fair one.
That's a pretty good reason not to break into your former employer's data center to unplug a bunch of servers because you're mad they terminated your contract. That would not have been a difficult case to prove up.
Good grief. This is also part of the reason why I have a pact with my coworkers: if I’m terminated, kill my access immediately and universally, and I’ll do the same for them. I don’t even want to have the ability to look at stuff anymore. Remove any shred of possibility that I could get into shenanigans later.
I also follow the closely related addendum: I do not want standing admin access to your system, unless I need it often enough it really impacts my productivity. Doubly so if it's not hooked up to SSO. If the database gets breached, I don't want my name on the list of people who had the admin password.
Most big businesses are good about that, but I've helped a couple family members with their business' WordPress and just have standing access that I really don't want. They don't want to juggle activating/de-activating my account though, so /shrug.
Same all around for me. I have a couple of longstanding accounts on local businesses I help out, but it’s all via VPNs that send the owner an email when I connect. I also refuse to do any work unless they ask me in writing. Text is OK, and I screenshot it. “Why did you give such-and-such rights to that employee?” “I have it in writing where the owner asked me to, Your Honor.”
This has never come up before, but it’s easy enough to be diligent about it.
Also: I keep a little paper notebook where I log the work I do for everyone, and occasionally have someone else sign and date it. It’s basically a cheap blockchain IRL. “How do you know you did this before you stopped doing work for them?” “Because the owner signed and dated the logbook after I did the work but before they hired the new IT person.”
I’m suuuuuper nitpicky about diligence in all this, for the protection of everyone involved, and especially me.
That shouldn't require a pact, that should be part of the standard check list for ending employment. (The list is longer for those who have root, but it should still be a list.)
For sure, and I’m often the one who makes the list, and one with root. But the big thing is to do it quickly, like within the hour, and diligently. Don’t say, oh, I’ll give him a chance to access his email and download stuff, or whatever. No! Like, cut me off completely right now.
Then, if something breaks down the road, there’s no temptation for them to wonder if I had anything to do with that weird failure.
(And obviously, don’t freaking hack your ex employers! But also don’t even leave the impression that you could.)
I agree with the overall point. (And WTH would you ever have things you need to download in your work email?) But there's not an employer I have ever left that I couldn't have done extensive damage to without any permissions at all. Not that I would ever add a felony charge to even the most bitter firing, but I could.
> And WTH would you ever have things you need to download in your work email?
Because you got a university email as a student 20-30 years ago back when .edu emails were "for life". Then you started working at the university as a staff-person under the same email. Then 20-30 years later you're leaving, and much of your digital identity is inextricably linked to that old "personal" email.
I'm sure that's probably true for all of us, to some extent. Things holding me back:
1. It's wrong. That's not how my parents raised me.
2. I value and protect my reputation.
3. I want to be able to have another job in the field without being permanently deny-listed.
4. Prison sounds awful.
Yeah, I usually stress to employers and clients that I want to be cut off quickly, and usually remind them of what they need to lock me out of when I leave.
Even then, I've had clients for whom things have broken come to me in despair hoping I'd kept access. The day one of them for whatever reason decides to suspect that I was the one to break things, I will be very happy to be able to point to consistently having done what I can to ensure I get locked out.
I've had that, too! Fairly recently, an ex client who sold their business to someone with a full-time IT staff asked me if I had the password to unlock their NAS. No, I didn't. I turned all those over to the IT staff, strongly recommended that they change them, and deleted my local copies. Sorry, but no, I can't help you with that.
This is exactly what all big corporations (rightly) do, and when layoffs come around you see waves of people making sob stories about how nobody told them and suddenly their work laptop stopped working from one minute to the next, or they didn't even let them inside the office because they were terminated during their morning commute.
Yeah. That’s actually a favor in disguise. Now they can’t accuse you of stealing or destroying stuff on your way out.
BTW, last time I posted stuff like this, someone thought I was treating this like an alibi: “ah ha! Now I can run amok and not get blamed for it!” No. Don’t do that, lest ye end up with a felony and permanent unemployability. I just mean that when things inevitably break due to natural entropy, the first question is often of who had access, and you don’t ever want your name to be on that list.
good find, there's often more than meets the eyes in these stories. folks forget that the court/case records will reveal hidden details.
Yep, and people forget that news is often only news because it's not normal. Otherwise you simply wouldn't hear about it.
People take this to the extreme and think that their country is somehow a lawless hellscape where police are openly shooting innocent people, dragging them from cars for seemingly no reason etc... but those stories make the news precisely because it's not the norm.
So the post is really click bait and does not tell the whole story?
It’s a calculated appeal by a biased narrator (his wife) who knows how to exploit the anger and sympathies of a community that often doesn’t click links, read documents, or look for facts before passing judgment (Reddit)
This is why in some corners of the internet we adhere to the "not your personal army" mantra.
> "not your personal army"
4chan in 2010? Is this really ever even said anymore?
This may be overly cynical. I suspect that she's getting her biased account from the only person she knows who is technically savvy: her husband. She accepts this uncritically, and that some very large fraction of the spin originates with him. Some stuff (like ignoring that the drug use violates probation) might be hers, but the rest probably isn't.
This is why Reddit has become a cesspool. Looking at some of the Reddit comments: “fascist, thank trump” without doing any bit of research on the story. Reddit harbors anger and frankly dangerous thoughts from the habitually outraged and poorly informed on details.
Yeah this is why I tell hacker/cracker corporate types to not even joke about time bombs and backdoors in company software.
While I'm sure this is criminal behaviour it seems debatable that this dude is a danger to the public. But there may be more to it I guess.
Oof. Any links to this one?
I believe this is the primary case being currently contested: https://www.courtlistener.com/docket/69848942/united-states-...
This appears to be the earlier filing, but I'm not savvy enough to pull the underlying docs if indeed I can (where I am used to viewing PACER documents I get a permissions error): https://www.courtlistener.com/docket/66960649/united-states-...
(If you install the RECAP extension in your browser you can cache downloaded PACER docs and they will get linked from Courtlistener. Lay users can sign up for a PACER account and if you use less than $30 of document access charge per quarter it will be waived)
Your second case was in the WD of Texas which is where he was arrested - it's just minutia to have him 'removed' to the ED of Texas to face charges where he was indicted - this is the main case there:
https://www.courtlistener.com/docket/16517474/united-states-...
Here's his plea: https://storage.courtlistener.com/recap/gov.uscourts.txed.19...
My recap is acting up a bit so I'll just copy/paste in case it doesn't grab docket entry 158 - the 'factual basis' for the plea:
1. That the defendant, Conrad Rockenhaus, who is entering a plea of guilty, is the same person charged in the Indictment;
2. That the defendant worked as a as a developer services manager, and later an infrastructure architect, for an online company providing travel booking and vacation services to customers (hereinafter, Victim Company );
3. That the defendant had access to and could control computer code located on Victim Company s servers throughout the country, including computer code that controlled business functions such as marketing, scheduling, and payment processing;
4. That on or about November 11, 2014, the defendant remotely accessed, without authorization, the Victim Company s servers from his residence in the Eastern District of Texas;
5. That on or about November 11, 2014, the defendant executed a computer code or command that shut down one of Victim Company s servers, which in turn caused several other Victim Company servers to crash;
6. That the defendant was retained by Victim Company to assist with the restoration of Victim Company’s servers;
7. That during the remediation efforts, the defendant, without authorization, disconnected Victim Company’s servers in Plano, Texas, in the Eastern District of Texas, causing further business disruption;
8. That the defendant’s actions cost Victim Company at least $242,775 in lost revenue and at least $321,858 in recovery and remediation costs.
Edit; Recap worked,
Here's the link to the full docket: https://www.courtlistener.com/docket/16117870/united-states-...
And the factual basis for his plea: https://www.courtlistener.com/docket/16117870/158/united-sta...
well the whole thing tells the story of a man with lacks a lot of impulse control and serious anti-social behaviour.
I knew people like that, that where unnable to put their lifes togheter until they where fully medicated.
He was also placed under electronic monitoring program and immediately went about installing a VM to allegedly circumvent the monitoring software along with searching for a very controversial website relating to pedophilia...
He also lied about using his computer, his wife told on him to his parole officer, according to the court documents.
He was on parole for DDOSing* a former employer...
*Ah, I see your update, guess it was less distributed and more direct denial of service with the physical destruction and all.
“very controversial website related to pedophilia” -> you are referring to NAMBLA? if so, i think that is not uncommon search for people interested in history/wikipedia deep dives, i don’t think you would search this if you were actually a pedophile as it is a historical thing.
[dead]
Yeah, I read that transcript supplied in the Reddit thread and I was thinking to myself “why would you include this as evidence to support your case”?
The wife makes a big deal about how one of the agents testified that Spice was an operating system, then she went on to falsely claim that it was merely a “graphic driver”. However, later in the in the transcript another agent corrected the error of the first agent and explained to the court that Spice was a means of accessing remote VMs, which could be used to circumvent monitoring software.
This combined with the fact that there was no internet activity subsequent to the software being downloaded is pretty damning evidence.
From reddit post, from transcript at https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
The use of an encrypted Tor node would likely be a violation of that restriction regardless of what is being accessed.The chain would then appear to be: convicted of computer crime -> required computer monitoring software during supervision -> installed and used Tor -> supervision violation and revoked to prison.
As I understand it --- I haven't read deeply enough to confirm this, it's what I've pieced together from the Reddit thing --- the Tor stuff came long before any of this. What I gather is:
1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
2. Some time after that, he became a high-profile Tor relay operator.
3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
4. In 2019 he was prosecuted for the computer offenses, and convicted.
5. In 2021, he was released on parole.
(I think there's a long string of parole issues after that, and then)
6. In 2025 he was accused by the probation office of violating his parole in a bunch of ways and taken into custody.
The setup of Tor has some specific dates in the transcript. Page 10
Page 11 and 12 If I read this correctly... in August he was required to install the monitoring software (likely within 1 month).On September 22nd, 2019, the monitoring software was downloaded. On September 23rd, Tor was installed. No internet activity was detected for the remainder of September or October by the monitoring software.
I don't believe that 2 or 3 come into play in terms of the parole violations (including the subverting of the monitoring software).
It would have been extraordinarily dumb for someone on parole electronic monitoring to install Tor, but my understanding of Tor's role in the bigger story is that it's about stuff that was happening many years ago. There's nothing about Tor in the parole violation warrant; just that he had an unauthorized iPhone, and when they did a forensic inspection of it, there were no further violations discovered on that phone.
https://trellis.law/doc/district/8373835/united-states-v-roc...
The defendant plead nolo contendere (no contest) in 2014. Any activity between 2014 and 2019 was under supervision restrictions. Any use of Tor during that period would likely be an issue.
Page 6 of 8:
His activity, no matter how it is framed, was in violation of the supervision orders.Furthermore, he worked to circumvent the monitoring software in September of 2019 and had no internet activity recorded in October of 2019.
> 1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
> 2. Some time after that, he became a high-profile Tor relay operator.
> 3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
It wasn't prosecuted because he plead no contest. After that, the use of Tor was in violation of supervision. I read #3 as "you're not running the monitoring software as required" which would subvert the exit nodes... but he shouldn't have been running them in the first place.
I don't think this is accurate. I think the charged conduct occurred in 2014, but from what I see on PACER, the prosecution (and subsequent plea) was in 2019.
Hmm... You have something there (and I was likely off in my timeline). The case was filed in August 2019. The document was filed in 2022(?). The transcript was from 2020.
Given the plea in 2019 and those conditions... as shown in the judgement document, the things that were alleged in the 2020 transcript were a clear violation of those conditions.
Where there any pretrial bond conditions prior to 2019?
There wasn't any "pretrial" before 2019, because he hadn't been charged.
The funny thing about rights is that you have them even if you've done other bad things. The thinking on display here ("the guy was a criminal anyway") is the primary slippery slope to tyranny that we have seen in the past 100 years.
Seems like he was legally eligible to be arrested for a variety of reasons. The FBI is still not allowed to use fraudulent warrants to that end. The rule of law is no such thing unless it applies to everyone equally.
Help me understand where you're seeing the "fraud" here? The warrant I'm reading is off PACER. It was very definitely approved by a judge.
> "the guy was a criminal anyway"
He violated 6 or 7 criminal things.
I'm on the civil rights and free speech maxxing side, but this was clearly a criminal in the act of actively criminaling.
The danger here is in crying wolf when this isn't a case of rights being violated for a non-perpetrator. This guy was willfully breaking laws left and right.
Don't cry wolf. We need that energy elsewhere.
The part where he sustained a head injury during arrest and was denied medical help is definitely a violation of his rights. The rest ... yeah
Yeah - even if George Floyd’s arrest was lawful, arresting him in using such violent force he died is certainly not. Saying “well he was a bad guy and had done bad things” doesn’t justify inflicting head injuries or holding a roadside execution.
Yeah, but apart from that …
While the abuse by the system needs to be dealt with, if you are going to be a TOR exit node operator (or a thorn in the FBI's side in general), don't do the above. I sympathise with him in spirit, but this is a severe tactical blunder.
It gets worse... both the wife and (either their husband or a previous partner) have their own threads on kiwi farms and are closely tied to both Encyclopedia Dramatica and Ethan Ralph. There's videos posted of them showing signs of severe mental illness.
https://0x0.st/KcyY.jpg
Saying this only because I'm probably speaking for a lot of people here, but: I have no idea what any of that means.
Kiwifarms is a forum for harassing people. Famously Near (the developer behind BSNES/Higan emulator) committed suicide in part due to the abuse he received from that forum. And people on kiwifarms celebrated his death.
Only reason I know of it is from the thread at the time on HN.
orchestrated harassment campaigns happening. I'm being intentionally vague on who is the perpetrator in this situation because usually its just a chaotic pileup with no reasonable persons involved.
My recommendation: ignore and swipe under the rug anything where KF is in play. Whatever it is, visibility feeds it.
Kiwifarms is a forum that mainly is about chronicling the life events of people it can laugh at, often those suffering from mental illness.
Oftentimes, kiwifarms users directly harass or manipulate their targets to try to provoke more weird behavior, usually directly making the target's life worse in the process.
I can see why it's entertaining for folk (kind of like watching reality television), but overall it seems to have a pretty negative effect. And if you hang out there too long, it seems like you tend to lose human empathy.
What does it mean to be "closely tied to Ethan Ralph"?
No idea, sorry. Google seems to indicate he's some kind of podcaster.
I think it means we have very good reason to believe OP/adezero is severely embellishing the story and is simply lying (and has a documented history of it), even without all the actual evidence pointing directly to that.
People with severe mental illnesses still have Constitutional rights, including one not to get their head bashed in.
Running a Tor exit node is also not a crime, and he ran it long before there was any conviction. And asking to decrypt incoming traffic (from other nodes) is really sus; it has nothing at all do with the accused’s parole or alleged crimes.
> People with severe mental illnesses still have Constitutional rights, including one not to get their head bashed in.
Yes, I wasn't trying to imply that. But according to court records he got hurt because he was being combative during the execution of an arrest warrant.
> Running a Tor exit node is also not a crime
Probably correct, and the original headline seemed to try to imply that it was in fact what they got in trouble for (it has since been changed), but there's way more to this story than OP lets on... by a mile.
. . . which means what, exactly, for those of us who are not Very Online?
We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud. Criminals move a certain way and just because you are a nerdy tech dude doesn’t also mean you’re not a gangster.
Edit:
Reminds me a lot of the lives of people in this saga:
https://www.amazon.com/gp/aw/d/B01L8C4WBG/
The poor wife, “can you stop being a criminal for like, one month, please?”.
> We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud.
According to the court documents his crimes extended into “real life” as well, with intentional damage to his former employer to shut down their operations.
I mean this is how the law enforcement part of the federal government uses its weight, Aaron Swartz's prosecutor-style to bully people.
Cannabis is harmless and a lot of people use it as medicine, even if they think of it as recreational. "Oh I need it to relax." Then its an anti-anxiety drug, not a 'party' drug. Limiting this is just cruelty and an easy 'win' for LE. Same with justifying the slaying of Philando Castile and others (he had pot, or pot in his system, thus a criminal undeserving of rights or due process).
Once the federal government is onto you with a case like this, all your money is gone. Either to lawyers or your bank accounts are frozen and things like that. Failing to make payments is a feature, not a bug, in this system. I'm not going to tell everyone here how to live, but its ideal to have money that's squirreled away in a place hard to be frozen because tomorrow this can be any of us. You host a vpn on a vpn somewhere? Use tor? Said the wrong opinion online? Heaven knows, but the hammer falls on a lot of people and there's no mercy to it.
Lines of credit, again, fits in with the above. People need to feed themselves, pay rent, pay lawyers, etc. I've never been accused of a crime but I've done a lot of legal stuff in my life with lawyers and such, and everything about this system is unbelievably slow and expensive. It isn't like Hollywood portrays it at all. The money needed here is more than more people can muster just to remotely get a fair trial or deal. Especially when a lot of charges against you are 'stacked' if not entirely dishonest on the assumption of 'well, we're going to court anyway or making a deal so better add some nonsense on top for negotiation.' I can't find the cite, but I've read that if you get a federal arrest, you're looking at $1m starting to begin. How many of us here have $1m they can access, and even if you do, is it accessible if the feds freeze your accounts on 'suspicion?'
Probation stuff, who knows, but he was already being sieged by LE, so who knows what is happening here. There's no shortage of probation horror stories like one's officer cancelling at the last minute or changing location, and other things to guarantee missing meetings. And eventually you can break a man entirely and he'll stop being functional, and he'll fail at a lot of basic things. The stress here can trigger extreme mental illness. I'm a fairly delicate person and if this happened to me, the stress would entirely break me. I'd fall into deep depression. So there's complexity with "he missed x appointment" and "he missed x payment," that's worth exploring.
The government telling you that you can't use a computer of any kind without a keylogger is insane and should be fought entirely. Computers are like paper nowadays. "Everything you write and do should be sent to LE" is unacceptable. Computers arent optional anymore. Everything we do is computer or app based. Also we dont know his motivation for making a private vm or using an iphone. Keeping valuable information about himself from LE for example or hiding a medical condition or heaven knows what else. This is why privacy and speech and rights between you and your counsel are so protected but "We get all your computers" sidesteps many of those protections.
Yes, he's a criminal but he doesn't deserve to be treated like this. These, and his past, are simple white-collar crimes, but he got the bully treatment.
Yes these are 'standard' because they maximally oppress working class people (note very wealthy people just buy themselves out of the above) with the thin veneer of legitimacy. The wealthy, capital owning class, etc if arrested like this just shrug this stuff off usually, and uses its connections and wealth to get ideal terms, but nobodies like this have no chance. The federal government conviction rate is over 90% not because of merit, but because of this kind of bullying and dishonesty and oppression. Imagine if we were discussing near any other nation with a 90+ percent conviction rate, you'd balk and know its corrupt, but we're the same in this regard.
I wish digital culture was more liberal-libertarian like it used to be, than the hard-right turn its made in the past 15+ years. LE does not need a 'devil's advocate.' The accused do. I dont care if liberalizing the above makes more criminals get away with. I'd rather this guy go free, even if he's super guilty, than accept the above as acceptable in our justice system. All this for what's essentially mostly-harmless white collar crime.
Not to mention the incredible violence here for a non-violent crime. Armed LE more or less besieged his home. I'm not sure why people knee-jerk to defending any of this. I hope a new liberal-libertarian movement emerges in tech because I feel like we've lost our way.
No. He wasn't convicted of a cannabis offense. He was convicted of a fairly grave computer fraud/abuse claim, and part of the contract of his early release from federal custody was a set of terms that included monitoring and sobriety. He allegedly violated those terms, and you stipulate those violations here. Like any parolee, he's being put back into custody.
Why is that added, there's an agenda there. Why does "sobriety" matter in a computer crime? This is oppression and this (plus the other conditions) simple set up people like this for a fall.
> Why does "sobriety" matter in a computer crime?
The sobriety violation was against his parole terms. People on parole are required to remain sober as drugs like cannabis impair judgement.
He agreed to the parole terms and then violated them.
Regardless, you could strike the cannabis part from this completely and it wouldn’t change anything. He has numerous other parole violations.
Not a fan of this kind of thing, and I think that weed should be legal, but don't forget that federally, it is still illegal, and "don't do illegal stuff while out on parole" at least has a pretty basic logic to it.
Booze is legal, and parole can limit your drinking. By law.
If you don't like the terms of parole, you are permitted to refuse it and remain incarcerated for your full sentence, at which point you are released and there are no parole restrictions at all. Parole is "you agree to behave and they release you early". And "behaving" is whatever they want it to mean.
Sure, I'm just saying that you don't need to reach for "Why does "sobriety" matter in a computer crime?" to get at why this might be a term of parole.
I mean, he was also forbidden from opening up lines of credit (he was in the middle of negotiations with DOJ on making restitution to his victims), something that is perfectly legal and benign --- nonetheless, he was not allowed to do so as a condition of parole.
Sobriety is a boilerplate parole term. Everybody gets it. If you don't want to comply, you don't accept parole, and you serve your sentence.
You forgot to mention that in the hearing linked on the Reddit post it is shown that he made a search about a pedophile association as well right before downloading Spice.
Page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
Okay, and? That ain't illegal, and in fact has many benign explanations (like “I just watched South Park and was curious about whether there really is a North American Man/Boy Love Association like in that one episode”).
Or "I just saw it in a reddit comment, have never heard of it, and want to know what it is before I dismiss this person as a pedo"
i’ve made the same search multiple times before late at night and i am not a pedophile, just a wikipedia/history deep diver
e: really? why am i downvoted for this
This was his last non-obfuscated internet traffic before he switched to his VM.
This needs to be higher up, it is very damning
This always happens though. Every time someone is thrown in a cage unjustly, the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation, whether it's details of the person's political or personality or, in this case, details of this (also seemingly unjust) probation violation.
Who cares if he smoked weed or installed a VM or evaded a government keylogger? Those are all really shitty reasons to put someone in a cage, whether it's couched as "probation terms" or not.
I'll steelman the unpopular position: I think sobriety is a reasonable condition of freedom for someone with psychiatric self-control issues, that have lead them to commit felonies in the past.
Vandalizing your employer's infrastructure over a grudge is, I suggest, strong evidence of a major impulse control issue. It think it makes sense and is in the public interest, draconian as it is, that this person shouldn't be allowed to get high and have unmonitored internet access. The same place they've committed felonies before, on impulse.
Further context: his own defense lawyer filed a motion asking a court to find this guy mentally incompetent to stand trial,
https://www.govinfo.gov/app/details/USCOURTS-txed-4_19-cr-00...
> I think sobriety is a reasonable condition of freedom for someone with psychiatric self-control issues, that have lead them to commit felonies in the past.
Were he high on weed, maybe he'd not commit the felony in the first place. Yeah, banning him from alcohol is fine, from stimulants broadly - also OK, but weed? Honestly? How often, statistically speaking, does smoking weed make a person aggressive? While this person may be an outlier, without precise information on it, I'd say the ban on weed is as sensible as a ban on butter or relanium. If it doesn't serve any obvious purpose (like with alcohol: being drunk makes you do stupid things more often), then maybe it's really just a way of harassing this person?
Weed for normal people isn't a big deal, but weed for people on the cusp of mental illness or even just mental unwellness can exacerbate whatever issue they are facing.
Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak. I say this as a person who prefers weed to alcohol 100x.
> Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak.
That's pretty minimizing of alcohol's contribution to violent acts (bar fights, escalating disagreements at supermarkets/etc, domestic violence) as well as vehicle collisions.
One important thing to remember is parole is not freedom. He was still serving a sentence for his crime.
> the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation
Isn't the reddit post doing the same thing by trying to imply he was jailed for running a TOR node when he was officially jailed for breaking parole terms? Even if they think those were just excuse to jail him, the refusal to acknowledge those details makes the account at least deceptive.
Well yes, I do agree with this. I wish people were more up front in these situations. But it's not easy because the waters are so muddied. But yeah, you're absolutely right (typing that phrase now makes me feel like an LLM).
It seems like those are very easy terms to follow, that he agreed to.
If someone who did some serious stuff, couldn't follow easy terms, it is cause for concern.
I've helped people released onto parole for years. It's tough. The terms might seem easy, but often aren't in practice. Most people have a history of addiction and/or mental illness and suddenly they are thrown into a world where everything is available for a price, and any medical help they were given is suddenly taken away and the life where everything was done for them (food cooked, clothes washed) is gone.
The majority are returned to prison within days/weeks/months of release.
Parole terms aren't usually up for negotiation. It's generally parole or stay in prison. You can agree to the terms offered, but it's a coercive agreement, so I wouldn't put much weight on the parolees agreement. That said, I agree the terms seem reasonable.
But even if you stay in prison for your full term, you're likely to have supervised release which has similar terms.
I'm reasonably anti-carcerial, but he did actually commit a crime, and one of the conditions of release from that crime was agreeing not to do those things - that's what probation means - an agreement he promptly broke.
There has to be some penalty for noncompliance or you get more of it.
He used encrypted services to commit a bunch of crimes. He was then released on the condition that he would no longer use the encrypted services that he used to commit the crimes with. He then lied and used those encrypted services anyway. It's really that simple.
I am absolutely NOT a fan of "tough on crime" type stuff. By and large I feel the US criminal justice system is an inhumane cruel monstrosity. But the conditions were not all that unreasonable (except the weed stuff) and all of this smells of bad faith on the part of this couple.
You care if he was a pedo?
Go check page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
Summary: He was logged doing a search for the "North American Man/Boy Love Association", and then after downloaded some kind of VM access/TOR software the logging ended.
I'm surprised this isn't mentioned much here, there's a lot of reddit comments that picked up on this and the OP (self-identified as the wife) isn't replying to any, only the ones that fit her story.
https://old.reddit.com/r/TOR/comments/1ni5drm/the_fbi_couldn...
The OP here also downplays a lot of what the husband did. He was on probation from DDOSing and then physically damaging company equipment after he was fired. Then on probation from that he smoked weed, ghosted his probation officer, broke the terms.
Well of course. So try him on that.
It's very important to get the official source on this one. Husband was legally restricted and being monitored by the FBI, so he decided to go install a VM to bypass the monitoring. It's not so much bravery against authority as it is hubris that got him 3 years.
https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
Yeah, that is a significantly more damning then what was given by his wife on Reddit. While SPICE is a normal means to interact with VMs, the defense couldn't offer any legitimate reason for him to be using one. They didn't even make an attempt to. They only established that the monitoring company couldn't say for certain that it was used explicitly to bypass the monitoring.
Also that it occurred right after the search mentioned on Page 28. It's a really bad look.
Since it seems to have been glossed over in the court transcript, can anyone explain how exactly a VM or client for remote VM could be used to bypass the monitoring?
Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?
A VM would bypass monitoring software installed on devices the person uses. A VPN would obscure their traffic such that it is encrypted and not easily monitored. Even something like SSH is encrypted and not straight-forward to monitor, so a VPN isn't required to do this anyway.
A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.
User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access
^ Monitoring is here, but may not capture the rest of the chain
Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.
There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.
> A VM would bypass monitoring software installed on devices the person uses.
Not really, no: a VM is just another userspace application and a monitoring software should be able to capture its traffic just fine. If he was also using a VPN, tor or conneting to a remote machine that's another story, but only saying he was using a VM doesn't really mean much.
Okay, that makes sense. But the monitoring software should capture the connection request to the VPN or Remote VM?
Monitoring software installed at the OS level can monitor both traffic and what applications generate it. But if the traffic is coming from a VM, it can only do the former.
This was posted only a month ago: https://thereader.mitpress.mit.edu/the-secret-history-of-tor... (https://news.ycombinator.com/item?id=44838378)
The article provides a good foundation for opposing arguments.
Excerpting:
> The researchers wanted to find a way to do the seemingly impossible — to give the military the benefits of a global, high-speed communications network without exposing them to the vulnerabilities of the metadata that the network relied on to operate.
> ...
> There are other implications, as well. For a CIA agent to use Tor without suspicion in non-U.S. nations, for example, there would need to be plenty of citizens in these nations using Tor for everyday internet browsing. Similarly, if the only users in a particular country are whistleblowers, civil rights activists and protesters, the government may well simply arrest anyone connecting to your anonymity network. As a result, an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
> ...
> Anonymity loves company — so Tor needed to be sold to the general public. That necessity led to an unlikely alliance between cypherpunks and the U.S. Navy.
> The NRL researchers behind Onion routing knew it wouldn’t work unless everyday people used it, so they reached out to the cypherpunks and invited them into conversations about design and strategy to reach the masses.
To those who say TOR, VPN, Signal, GrapheneOS or <replace with any privacy tool> is dead, we should use more of them not less. Today privacy became crime because the tech crowd (including many in HN community) ignored slow eradication of our fundamental freedom by evil companies like Apple (Yes, Apple. Don't forget they worked with NSA.) and Google. If crowd like HN is seduced by new AI enhanced, costly and locked phones, then how can a regular citizen understand freedom or privacy?
Freedom is being taken away by govt, because we are making choices that surrender it.
I've seen this other cases like this.
1. The fbi asks you to be an informant or "cooperate" with an investigation in some way.
2. If you refuse, they investigate you, and basically throw the book at you.
Every government agency works this way to the extent that they are able to.
Your local building commissioner or whatever just has a lot less money and muscle on tap and much more circuitous access to court judgements in their favor than the FBI does. Differences in their strategic and tactical approach is a reflection of this.
Well, it's punching down. If you are a big corporation or otherwise have the means to fight back, you don't have much to fear.
people talk a lot about how much they're against punching down, but I don't actually see that many people itching to take on Dwayne Johnson. The fact is for humans and organizations who are punching, punching down is generally their preferred method.
The man who is the subject of the original post did indeed take on the FBI, who have then given him a figurative and possibly literal good kicking.
I didn't say there are no people who ever punch up, but nowhere near as many people who talk about it, most people punch down when they're in a punching mood.
I don’t know if you watched those videos but even if he did commit a crime the marshals are way way over the line when they arrest him.
That's par for the course in America
Law enforcement is the US is trained to use (often rapidly) increasing force to compel compliance. They are trained that this is the only way to keep themselves and partners safe.
Proportionality is law on the book. Throw enough LEO who violate this into prison, the problem solves itself over night.
Look up "killology" for more on this.
The problem with the CFAA is that it is so (IMO unconstitutionally) broad it is feasible that _every American_ has arguably violated it in some way, completely accidentally.
Thus, every time we see a CFAA charge we have to ask ourselves: "Is this an abuse of power?".
We should have better, clearer laws.
There are a lot of bogus CFAA cases but it seems like this one is within the boundaries of reasonable law enforcement if the description posted above [0] is accurate.
The quick summary is (reddit) OP's husband was fired from a job and used old unrevoked access to crash their servers, was briefly contracted to fix it before the company found out they were the source of the crash and terminated them again, then after all that he then gained access to their DR facilities and physically damaged a number of servers.
If that's true it seems like a pretty cut and dry CFAA case (with some extra normal crime on top to boot) and the main issue to take with it is the FBI using it as leverage to get him to compromise his TOR node.
[0] https://news.ycombinator.com/item?id=45262053
I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration. I've had a five years probation in the past for what the FBI argued that I "hacked" some company from changing the URL in specific ways, not to mention the "clear hacking tools" I had installed in my computer, e.g CCleaner. You know something is wrong when you literally have 98% chance of losing in court against the FBI. They are corrupt and incompetent.
> I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration
One the first comments on reddit was actually:
> … in trump's america lmao
Someone had to awkwardly point out it was biden’s america. Which makes it easier and saves keystrokes: it’s just “america, lmao”. Then other countries can be even worse so it’s “lmao”. And soon enough they are just laughing their asses off while the person is stuck in jail.
> "clear hacking tools" I had installed in my computer, e.g CCleaner
I have always wondered if they are primarily that stupid or just evil and pretending to be stupid. I am leaning towards evil.
The wife’s description of the charges is not honest. See all of the other comments which revealed a much longer list of offenses he committed.
The Reddit post is an attempt to garner sympathy by leaving out all of the actual crimes committed.
> The wife’s description of the charges is not honest. See all of the other comments which revealed a much longer list of offenses he committed.
Yeah, good point. That happens sometimes. It's sad, people just see reddit as sort of a platform of gullible people. I was just pointing out reddit's reaction, mainly.
Then my other reply was in reply to GP's own story ("clear hacking tools" = CCleaner).
[dead]
Based on the 2019 court transcript linked in the post, the reason for keeping him in jail during the pretrial are a lot more reasonable than how this is framed in his wife's post.
The FBI said he downloaded a client, here Spice, which can be used to access a VM and visited the tor project website to look into how he could download a Tor client. That happened in the 24h which followed him agreeing to electronic monitoring and voluntarily installing a spyware. They argue that he has the knowledge and mean to circumvent the monitoring he agreed to and his pattern of actions indicate he is likely to do so if left free. A huge part of the argument lies on him having agreed to voluntarily participate in his own monitoring. The CFAA charge seems to be sealed but I'm far from convinced it's a minor work related issue.
If you read the website, they keep firing their attorneys and pretending they are colluding with the government to keep him in jail. Parts of the description are frankly bizarre. It seems they are actually suffering for paranoia.
I would read the post with a huge grain of salt.
In my land of the free? No way.
The stars are asterisks.
Some are free. Some are not. __Like in good old times__
The guy did bad things and got caught. The ridiculous wife's perspective doesn't include that he e.g. DDOS'd an employer.
Your comment and the highest voted one so far are sobering perspectives. I had a feeling there was more to the story
And home of the brave.
I know this won’t be popular to say, but “guilt by association” is a real thing.
Unfortunately, Tor carries a negative connotation tied to criminal activity.
And if you're operating (like this individual) something that is perceived to be criminal in nature, you're bound to be a target by law enforcement.
Note: I'm not stating whether or not what happened to this individual is right/wrong. But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
Guilt by association is much more a social construct, than a legal one.
The bar for legal consequences is expected to be much higher than mere association.
It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system. For that to no longer be considered the case, even in a casual conversation like this, is a devastating shift of the Overton window towards authoritarianism as the norm.
Limits on association and limits on technology use are standard fare when on probation for a felony CFAA conviction.
From my understanding, guilt by association is quite valid legally when it comes to Tor exit nodes, due to the fact that other people’s traffic appears as your traffic.
It may not literally be guilt by association, but they’re two parts of the same whole in this case, right or wrong.
Guilt by association: if a group of three approaches another in a confrontation, and one person punches another then would all three be seen as violent?
>Guilt by association is much more a social construct, than a legal one.
Turning this sentence up and down, and still fail to get what it tries to convey. Law is social construct per definition, isn’t it?
>It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system.
No? Like, at best it is just going to pretend to be so. Then it’s actually all ruled by ambitious sociopath manipulators that take The Prince as bedtime reading, either right from the start or as soon as they can unleash their master plan.
Can anyone point to any jurisdiction in the world which puts equal duties and rights with actual associated material/logistical means on every single citizen? If no, we might be free to conclude that justice and equality are words on frontispiece of the theater, not how the leviathan is planning to actually process.
All that said, not everyone is Aaron Schwartz. Even supposing it’s only to maintain the façade, institutions do also have to act against some criminal outside of their own ruling castes.
By this logic, anyone who has had a Google Pixel and or is running GrapheneOS is guilty by association, right?
Just wanted to understand your point.
There's a big difference between being the user of something (Pixel/GrapheneOS, though I find these as weird comparisons given) and being an operator of something.
Operating an exit node is by definition you acting in the distribution of such activity (legal or not).
> By this logic, anyone who has had a Google Pixel and or is running GrapheneOS is guilty by association, right?
Yup. https://www.androidauthority.com/google-pixel-organized-crim...
The source for that article was a single cop in a single country (Spain) making an off-handed comment. The way it’s been spun as a universal concept in Europe by all of the Android blogs is misleading.
Would you predict that GrapheneOS will still be completely legal in 10 years in Spain?
Yes. I think that one comment was a flash in the pan about a particular moment in time from an officer involved in a very specific type of drug trafficking prosecutions.
The part that should really enrage you is the way people will selectively understand this based on whether they agree or disagree with the context.
If some electronics repair guy repairing vehicle ECUs in bulk who doesn't ask questions but has an inkling that they're gonna get used for emissions laws violations got rolled up on by the feds for refusing to go out of his way to help them out HN would find all sorts of ways to cheer and justify it.
But when they do it to a tor node it's bad.
Pretty sure the questions start and end with “was it illegal”.
>Pretty sure the questions start and end with “was it illegal”.
Disclaimer: I don't have any skin in this game or association with any government, any law enforcement agency, nor do I know the person discussed or (at least as far as I know) anyone who knows that person. And IANAL.
IIUC (and I may not), the guy was on probation[0], which is release from or in lieu of prison.
If someone is on probation, they are still under the authority of the (in this case Federal) judicial/prison authority which sentenced them.
It is (whether you think it's right or not) normal for restrictions to be placed upon those on probation, including random drug tests, restrictions on certain types of behavior (this is often related to the crime(s) for which they've been convicted).
Often, this also provides for warrantless searches and other privacy-invading stuff as part of the probation agreement. I'd note that (again, IIUC) that the convicted person must agree to the terms of probation or they will have to go to (or not be released from) prison to serve their (remaining) sentence.
Violation of the terms of probation (as is clearly defined in probation agreements) may result in imprisonment to complete the sentence imposed by the court after trial or (as it was in this case) a plea bargain.
I am unfamiliar with the case at hand, but sending someone to (or back to) prison for violating probation is the stick which (presumably) keeps people from re-offending and/or violating the terms of their probation, at least until they complete the term of probation.
[0] https://www.uscourts.gov/about-federal-courts/probation-and-...
When they do it to either it's bad.
As someone who works in this industry: we do ECU modification and repair and as such, have regular contact with the EPA. Our products all align with all required emissions regulation and testing, which is why we're allowed to continue selling them. If the EPA says jump, we ask how high.
I say this because this cultural vibe of government agencies kicking in your door for doing innocuous shit needs to die already, that is simply not how this happens. We get letters, we get calls, VERY occasionally we get visits and said visits are scheduled weeks, sometimes months in advance. We always cooperate and the relationship, therefore, is not adversarial.
Honestly we have way more fucking problems with huckster vendors trying to fuck us out of a few extra dollars on parts than anything to do with the big scary government.
While we're at it, fuck coal rollers with a cactus.
You, you are an instance of the problem.
For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
If not that it would be some other niche, maybe some guy importing gray market power equipment to the chagrin of the branded dealers would be getting whacked. If not that then it's the amish farmers getting whacked over one of their many "in letter but not spirit" compliance measures.
Yeah, in every case the letters of the law are broad enough to nail these sorts of people but that's not an outcome the general public wants except for the occasional zealot on any given subject. And the equivalent enablers would be endorsing it just as you are now.
And at the end of the day your behavior (you plural) undermines the legitimacy of these institutions and the government they serve because these are outcomes that nobody wants, but single industry enforcement enough of a back burner issue that elections mostly don't get won and lost over them so the fire just keeps smoldering year after year (fed by our tax dollars, of course).
>As someone who works in this industry
Perfect illustrative example for one of HN's favorite quotes:
"It is difficult to get a man to understand something, when his salary depends on his not understanding it"
>Our products all align with all required emissions regulation...the relationship, therefore, is not adversarial.
You might as well compare a medium company with an encrypted file share service to some 1-man package maintainer for software that does the same. Who is law enforcement gonna try and abuse?
>While we're at it, fuck coal rollers with a cactus.
A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
> gets whacked for running a tor node.
'whacked' usually means killed. This guy was neither killed, nor jailed for 'running a tor node', but a bunch of more specifically bad, illegal shit that it would be misleading to describe this way.
The same way as describing destroying a bunch of an ex-employers data on-site causing thousands in loss is not a "workplace dispute".
> these are outcomes that nobody wants
which outcomes? these are outcomes no-one wants, but you've yet to prove they happen. It takes a lot of time to properly go through case details to determine abuse, it seems like you are very casually throwing around accusations.
> You might as well compare...
Why? they comply with the law, why does that make them 'big'? I'm sure the FBI has plenty resources to go after them, in fact, they have more to lose.
The 'one man shop' needs to comply with the law, however big or small they are.
> Who is law enforcement gonna try and abuse?
abuse? this guy says no-onw is kicking his door down, have you proof it changes for smaller setups?
they go after whoever they think is breaking the law, and not complying (providing relevant licences, proof of testing) flags you for that. Are you suggesting the small guy should fly under the radar?
> For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
I am not defending at all the actions of the FBI. The FBI/CIA/NSA are overzealous law enforcement serving the will of colonial capitalism. Their history of targeting whistleblowers, activists, and technologists; like, for example, the guy running a Tor node; is well documented and deeply problematic. That same machinery has also been deployed against environmental activists, which makes the irony even more bitter that it's being cited here.
I'm defending the EPA, which in contrast, works with numerous industries, including ours, to benefit society as a whole.
The problem is this exact mindset where we insist that everything is on one massive slippery slope and there's simply no way to differentiate from proper, needed regulation, and the boot of law enforcement being deployed to fuck with the working class at scale.
We can tell the difference and it isn't difficult, it simply requires thinking which an unfortunate number of voters don't like doing.
> "It is difficult to get a man to understand something, when his salary depends on his not understanding it"
Completely backwards. There is a LOT of money to be made circumventing emissions regulations, which is why almost every OEM has been caught with their hands in that particular cookie jar, either fingernail or wrist deep.
We COST ourselves money locking up those features because we agree with the regulations in place.
> A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Reactionary movements have existed for every time the Government says don't do anything since time immemorial. There is ALWAYS reactionaries because there is ALWAYS a segment of the population that never matures past the age of ten. The fact that they occasionally have a point is nothing but statistical likelihood; if you constantly say "no" to everything, by sheer chance, you will occasionally say no to something bad.
Context plays a crucial role, especially within the Judeo-Christian tradition. So much so that it serves as a foundation for the design of the modern legal system.
>> But this should be a cautionary warning of what might also happen anyone if you associate with things that are perceived as criminal in nature.
Opioid painkillers are associated with “things that are criminal in nature” because a certain segment of every society does and will suck, nearly no matter what. Does this mean that everybody in pain should just suffer and let their education, career, and family be taken from them before their time?
>But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
This would come off lot more legit if the current elected US president wasn't a convicted rapist and constantly promoting crypto along with his acolytes like Elon Musk.
> current elected US president wasn't a convicted rapist
Wow did this just happen today? I can't find anything about it online
/s
Found civilly liable, not criminally convicted.
they are trying to set precedent. This can kill TOR or other privacy related services in USA easily in current environment.
Several years prior I had a coworker get arrested on CSAM charges because, you guessed it, he ran an Tor exit node.
Of course there was no reporting on the Tor aspect, just “local man arrested for CSAM” in the local papers. He eventually had the charges dropped after years of court battles, but his name is forever tarnished as a result.
This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest.
> This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest
Even from the early days of Tor I remember all of the warnings to not run an exit node in a country where internet activity was likely to lead to prosecution.
Running any sort of proxy (including Tor exit nodes) allows other people’s traffic to appear as your traffic. That’s the entire purpose of the software. You’d have to be willing and able to handle the consequences of any traffic any other person decides to send through the system.
If you run a Tor exit node, it is quite possible that you will end up downloading things on behalf of other people. CSAM carries strict liability charges.
Seems not to if you're working at an AI image generate company.
https://cyber.fsi.stanford.edu/news/investigation-finds-ai-i...
https://www.techpolicy.press/laion5b-stable-diffusion-and-th...
Someone somehow downloaded the images in LAION 5B to do the actual training, and we know that thousands of these images contained illegal content.
Where's the strict liability? Everyone who ever downloaded and ran Stable Diffusion 1.5, or even Lora's from it, could in some way be held "strictly liable" for the fact that you are simply one prompt away...
Reminds me of a similar case against Dmitry Bogatov in Russia in 2017, it was a big deal back in the day (though of course times have drastically changed and now something like this wouldn't even appear in the news over there).
That's not the key precedent they are setting. They are working on a much more important case: Making the population understand that disobedience will result in punishment
Isn't this the goal of most laws?
The goal of the laws is that you have to obey the laws. Here the case is that you have to obey the people holding the badges.
There's plenty of laws they write that they know the population can't reasonably comply with and give the government discretionary power to screw people. And then there's more laws that just give the government enforcement arm discretionary power to choose whether the law is applicable or exercise unilateral judgement regarding whether compliance is satisfactory.
Your local zoning code is probably chock full of them. And if not there then your local stormwater/runoff rules probably have a bunch of examples too.
Federal stuff is much more highly litigated so you don't see as much of it there. State is a middle ground.
[dead]
You can beat the rap, but you can't beat the ride
I certainly sympathise, but actually don't find it at all surprising.
Tor is totally used for criminal activity. That doesn't mean it is inherently a bad thing, or that it is this guy's fault, but he can't completely wash his hands off it. If bad guys use the postal service, it's not the postman's fault, but he has to cooperate with law enforcement if they demand that.
I don't know about the US, but contempt of court is a thing in the UK at least. You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
Now, I get that this is the US so the arrest was dialled up to 11 and it seems all of this is extra-judicial - no court warrant etc. This is all very disappointing. But, to my non-expert eye running a Tor exit node is in the legal grey zone, and I guess you can't be too surprised when things like this happen.
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
This is a bit more complex in the US. We have the fifth amendment to our Constitution which says "nor shall [a person] be compelled in any criminal case to be a witness against himself."
So, we can't be made to testify against ourselves. This has sometimes been interpreted to mean that they can't compel cryptography keys that are stored in our brains, and sometimes has been interpreted the other way.
I'm unaware of any definitive decision that applies universally. I've heard some suggest that passphrases that are themselves an admission of crime are a workaround that ensures you can't be compelled to provide them.
Why would breaking the privacy of Tor users be self-incriminating? If anything, surely it's the evidence of innocence - whatever unsavoury websites were visited via the Tor node were Tor users, not this guy.
> surely it's the evidence of innocence
The obligation to provide evidence of self- innocence is equivalent to the obligation to provide evidence of self- guilt. Doesn't one follow logically from the other?
Not really. Protecting by law ones right to withhold information that would incriminate them is one thing. But the incarcerated guy doesn't seem to claim there's anything incriminating him in these files. He simply stated he doesn't want to share it with the cops.
My understanding is, it's not like the FBI got a warrant for this etc, and instead started flinging shit at him - which is clearly bad. But for this narrow argument, that's besides the point, IMHO (IANAL). Because in the first place, the guy simply didn't want to share this information with law enforcement. There is no claim that it incriminates him.
How that stacks up against actual US case law, I have no idea of course, but I don't see how it follows from the right to not self-incriminate.
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head
Out of curiosity, how does this work? If I claim I don't remember a particular password that I (provably) didn't enter for the past X months, how does the court force me to recall it? With an $8 wrench? Wouldn't that be cruel (if not unusual) punishment?
UK law runs on the "reasonable" adjective. The court would ask itself if it is "reasonable" in their own opinion that you don't have the info.
Typically it's applied to cases where the information is clearly available, like a drug dealer not remembering his daily driver laptop password, or refusing biometrics unlock. Not, we found this thumb drive within a mile of your house, decrypt it or else.
But of course the standard of "reasonableness" is murky, and you'll find plenty of cases that revolve on such contested judgment.
Idk the punishment just doesn't match the crime. Can't they just confiscate the computer? Or pressure the ISP to cancel his account? Tbh I get that the Feds are going route around and through anything that stands in their way.
Instead we're left up to state thuggery.
Conveniently left out from the wife's story is the husband's corporate sabotage, FBI monitoring circumvention, CSAM searches and many parole violations.
3 years sounds about right to me.
In the U.S. and much of the rest of the civilized world, you have rights. This includes the right to not self-incriminate (in the U.S. that's the 5th amendment). In general, except for very specific and limited circumstances, U.S. state and federal government actors cannot compel speech (telling your encryption keys is compelled speech).
The U.K. is fast sliding down the slope to being a dystopian police state. The idea that you can be jailed for refusing to provide encryption keys (except for really specific, narrowly-defined circumstances) is something that should induce nausea. I feel for you and your country, you accomplished such great things.
I just saw that president Trump is thinking about prescribing 'Antifa' as a terrorist organisation and saying that he's 'not sure' their 1st amendment rights should apply.
I'd be a little more concerned about the state of US at this point.
We've already done that in the UK with a certain pro-palestine organization.
The husband was also caught Googling NAMBLA related keywords at 2am in the morning...
This guy didnt get arrested due to anything about running a Tor node.
He's likely a pedo who also violated his parole.
A good example of why people support smaller government.
As evidenced by recent developments, smaller government these days seems to mean less controls for businesses and the government but many more controls on citizens.
I know very little about cybersecurity, but my understand of TOR is that a node host wouldn't be able to offer much about the traffic coming across their server(s). The packages are encrypted and there is no entry or destination info, so he may be able to say how much traffic was coming across, but what else could he possibly know? Info on other nodes?
the Bureau can't see the traffic but they have keyloggers on all of his systems. He tried bypassing them with Spice but failed and otherwise got logged getting onto Tor and searching for dubious things
This is just extremely one sided. He intentionally sabotaged his ex employers computer systems, was hired to fix them, was caught as the original cause of the problem, fired again, then used a back door to take down their systems again. He plead guilty to this in 2014.
He was on probation and required to use monitoring software as a condition of being let out of jail early, he had a secret iphone he used to access the internet that was not monitored, so his probation was revoked. He wasn't arrested again, his probation was revoked.
The wife's account focuses on a ton of irrelevant details, the above is sufficient to explain the entire situation.
Since when did private monitoring on private property become de facto right for government to surveil? That is like saying if you have a car or computer the govt has a right to use it when they want to.
Oh boy, wait until Palantir makes a unified database of everyone, they won't even need to have a previous offense, they can make one based on all the collected information or even based on your behaviors. Great times ahead!
>> wait until Palantir makes a unified database of everyone, they won't even need to have a previous offense, they can make one based on all the collected information or even based on your behaviors.
Well, I hear that if you make being gay a crime again, you cut off the head of palantir.
Prayer can do amazing things, including curing homosexuality. See Thiel's exploration of the "Antichrist".
I remember when I used to think Thiel had libertarian values!
> Prayer can do amazing things, including curing homosexuality.
Money can do a lot more things, including inducing hypocrisy, double standardism and blindness.
Running a Tor exit node in the US is very risky for obvious reasons, and if doing so, it's just a matter of time before the operator gets to see the unfriendly side of the feds. Heck, even running a torrent node serving copyrighted movies/shows/music is too risky in the US. If you want to do these things while having a sane life, at least host them abroad, and anonymously.
Could Tails saved him?
Taking OP at her word, this is a horrific tale of extra-judicial abuse of an individual for refusing to cooperate with the DoJ on a matter of digital privacy. The OP wants story amplification, but to what end? The DoJ, controlled by Trump and Pam Bondi, probably think this person is getting away lightly with only a severe head wound and a comfy 3-year stay in county jail. A trial isn't necessary cops know who's bad, after all. There is already so much outrage directed at them about many other, larger scale issues, that they not only don't bend to but seem to actively feed off of it. I'm sorry to sound so hopeless, but no, there is no hope that someone elected specifically for his lack of empathy, lack of respect for rule-of-law and lack of self-restraint would ever be swayed by this story, no matter how much it is amplified. Your best bet is to fabricate a story that your husband is a fervent Trump supporter being unfairly targeted by rogue, Biden-loving elements of the FBI and an Obama appointed district judge.
We voted for this, the time to fix the problem was last November, and now we have to live with the results. It's also why I, and anyone else who values their freedom, their career, their family, needs to post such sentiment anonymously. It is NOT safe to criticize this administration.
I understand where you are coming from but I think that it is not always helpful to place everything on one administration. Calls for unity and a strengthening of the rule of law are what matter. Trump will be in for 4 years whether you like it or not, the long term protection of the rule of law should be highest priority and this case shows how it has been eroded over the last few years.
Both sides do this: the last administration had tech giants censor anyone that that promoted the lab leak theory, or any alternative to treatment other that the new vaccines. Parents interested in managing their child's exposure to sexually related material were put on watch lists.
It's not one side or the other - any group with authority has to be watched closely and rebuked when they try to expand their power.
> needs to post such sentiment anonymously
This will become practically impossible very soon if it isn't already.
"CFAA offense"
You can catch one of these by logging into your moms netflix account.
https://en.wikipedia.org/wiki/Van_Buren_v._United_States (2020):
> [Supreme Court Justice Amy Coney] Barrett ruled that for the CFAA, a person violates the "exceeds authorized access" language when they access files or other information that is off-limits to them on a computer system that they otherwise have authorized access to. The majority opinion distinguished this from Van Buren's case, in that the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime.
This still does criminalize logging into your mom’s Netflix account, probably (?), but at least browsing HN on your work computer not covered anymore.
If you steal your mom’s password without consent and she argues that you accessed information on the account that you were not authorized to see, maybe.
However the quote on its own is not necessarily true without further qualifications as mentioned above.
No, it's about logging in to someone else's account against the Netflix ToS. Netflix doesn't want you to access their computer systems that way.
> However the quote on its own is not necessarily true without further qualifications as mentioned above.
It's absolutely true, you're accessing an unauthorized account. All law enforcement need to do is ask you, did you access an electronic account that was not yours ?
Nuance will be ignored when it suits them.
Some of the CFAA has been dialed back by the courts, but CFAA is a federal level offense. The scarier ones exist at the state level, e.g. Illinois specifically criminalizes violating the terms and conditions of a web site.
Insert joke about federal agents shooting dogs...
3 years of pretrial detention for anything less than blowing up a building should be enough to enrage anyone. Even then, the legal system would be a failure.
How is 3 years pretrial not blatantly unconstitutional and thrown out immediately?
https://www.crimlawpractitioner.org/post/some-things-cannot-...
New Yorkers spend an average of 10 months in pretrial detention. This kind of abuse is routine in the American system, and by and large Americans want it that way for their usual reasons about "crime".
I've known dozens of people in pretrial for a decade or more, it's not uncommon. Some are acquitted, most plead out or are found guilty of something at trial.
Under US law, pretrial detention is not prison. You are technically not being "punished" even though generally the conditions in pretrial are vastly worse than in prisons. (I did a deposition with a jail warden once and asked him why this was: "Because these facilities are designed for the average stay, which is 30 days if you run the numbers. Sure there are people here for a decade, but most people pay their bail within 24 hours.")
Technically most states have pretty short Speedy Trial statutes which require the gov to try you within several months of arrest. This almost universally doesn't happen because the defendants don't have all the information necessary for their defense, and because they want to run motions to try and quash any existing evidence.
Ah, you must be new here. All kidding aside, the "Global War on Terror" was the impetus for all of the surveillance and associated persecution of innocents without due process. Always disappointed, never surprised.
And the Global War on Terror wasn't even the first American War on Due Process. Remember the War on Drugs? It is mostly forgotten but the civil forfeiture remains as its legacy.
You've had people in jail for over a decade at the judge's discretion because the judge didn't believe them.
https://en.wikipedia.org/wiki/H._Beatty_Chadwick
And this in a civil matter!
Contact eff.org
Extremely worrying precedent if true. I'm frankly surprised there aren't any documented cases of this happening to Tor,I2P,Wireguard etc developers.
So they got him on a minor CFFA charge. Was anyone from Anthropic jailed for torrenting millions of books?
I agree on the massive automated copyright infringement. This case isn’t as minor as the guy’s wife would have us believe.
A "minor charge" of destroying his employer's network?
Interesting, Trump administration pardoned Ross William Ulbricht who run drug dealing business specifically because it was done behind Tor using cryptocurrency. So this was a one off?
This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
I have no idea what this person was up to but this selective treatment(if true) smells very bad. IIRC behind the release of Ross there was some libertarian NGO or something, maybe contact them?
> This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
This didn't work out for SBF, but you can clearly see this process being set up for other people.
>there was some libertarian NGO
That was the National Libertarian Party and the party chair was forced to resign in disgrace shortly after, due to accusations of kickbacks and embezzlement.
https://thirdpartywatch.com/2025/01/25/mcardle-resigns/
The pardon was specifically a campaign promise to libertarians, and likely little more than that.
Even if this Administration is friendly to Tor (which I doubt), the FBI is a very large organization and installing a new head doesn't magically make current caseload at the agent level go away. There are still Biden-era and even Trump v1 era investigations likely still open and active there.
> Interesting, Trump administration pardoned Ross William Ulbricht who run drug dealing business specifically because it was done behind Tor using cryptocurrency. So this was a one off?
Didn't Ulbricht get pardoned for being a hero of the cryptocurrency-bros, as kind of a deal to get support from the Libertarians in the election? I think he was a one-off, or at least part of a small category that doesn't extend to cryptography and privacy idealists.
Right, I was hoping that this will set some kind of precedent for legitimizing Tor.
He still did a decade in the slammer. I think his sentence was excessive, since he never directly harmed anyone.
> Months later, the government arrested him. Their official reason? A minor, non-violent CFAA charge from an old workplace dispute that had nothing to do with Tor.
This is exactly the argument for privacy to people who say "I have nothing to hide". Authoritative governments will always find a reason to dig something up and the less privacy you have the easier it will be.
As a side note it sickening to see USA government doing this arrest straight out of gestapo/kgb playbook.
Privacy is not a deterrent to that.
The state does what it wants and in the end it doesn't even need an excuse.
An excuse is a nice to have, but that's it.
>The state does what it wants and in the end it doesn;t even need an excuse.
It doesn't need an excuse because people let it not need an excuse.
Every idiot, even on HN, heck, particularly on HN and other places where demographic factors result most never having been the target of government or think that they would be, is perfectly fine with it when the government behaves this way in pursuit of things they agree with. And so the only people complaining about any one government abuse are the small minority that care all the time plus whatever group care about the specific issue.
If people would stop being two faced snakes and have some principals and stand by them the problem would decrease on its own. But that's like saying "just go as fast as light", it's not a tractable problem.
The state has more power and therefore does what it wants.
Anything other than that is just wishful thinking.
> This is exactly the argument for privacy to people who say "I have nothing to hide"
People who say this will not be swayed by any argument. What they are really saying is "I don't want to think about this".
There's a truth I've come to accept in recent times: The vast majority of people are not able to extrapolate from their immediate personal situation. If they are not effected by something right now in a way they personally feel, they do not and will never care.
Once you accept that fact, so many things make so much more sense in this world. The whole MAGA movement explains itself, the complete disregard of climate change or even local environmental issues make sense and the complete ignorance of privacy issues. The only way to sway these people is when they are personally affected. So consider this Truth the next time you find out a service has been collecting private information in an unsecured S3 Bucket.
[dead]
[dead]
[flagged]
Federal cases are generally at least partially unsealed once the defendant is arrested. Especially since the charge is supposedly workplace related not terrorism etc, then someone should be able to pull the case in PACER and at least find out the basic details.
It looks more like he got injured when tackled, but the one guy blocking the camera with his body really makes it hard to tell if they're putting work in or just holding him down. Knowing cops, probably a bit of both.
Some people are like Alex Jones...
Is it being like Alex Jones to not immediately trust an outlandish one-sided story which hides extremely relevant points?
[flagged]
[flagged]
[flagged]
Just another day in the police state.
It's unsettling how quickly things are escalating.
Indeed, these past few years have really recontextualized The Handmaid's Tale for me from an alternative history fantasy to an almost run of the mill "20 minutes into the future" fiction.
Atwood didn’t write it as a possible dystopian future. Every facet of the story takes place somewhere in the world right now. She has pointed this out herself on social media.
I'm not sure this has anything to do with the current president. This type of cowboy judge shit has been happening for decades, we just rarely hear about it.
He is also a former President
Quickly? They've been doing this stuff to anyone that dares cross them for as long as I've been alive.
Nothing about this was quick. 2015 was the first time we had an increase in authoritarianism in the public debate.
Project 2025 was announced in 2023.
The patriot act was a pretty major increase in authoritarianism in 2001. We've been on this particular slippery slope since the start of the cold war.
Fair point. Just noting that we're in the middle of a blitz.
[flagged]
We all commit three felonies a day.
What are the most common felonies committed by average people going about their lives?
This is exactly right. At any given time, the feds or government could come after you and find _something_ to charge you with.
I don't normally agree with this man, but he is dead right. There are too many fucking laws.
https://www.theatlantic.com/ideas/archive/2024/08/america-ha...
Georg Felonies with his 342,034,432 daily felonies is an outlier and should never have been counted.
If anyone here has investments in US dollar denominated assets, move them out of the country. The US is entering a death spiral.
I left the US 10 years ago when Obama was still president. It's been obvious to me that we've been in decline for decades. The state of the US is not surprising to me. It is however still shocking and sad to see.
At least the troops will have short hair: https://www.newsnationnow.com/us-news/military/military-faci...
This is unbelievable! How in the world! Why they do that ?! Because the police were frustrated????!
You clearly never seen police dashcam videos in the US. Besides the corruption and stops for "hunt missions", a lot of times it's simply because you shattered their ego, even with a simple laugh: https://youtube.com/watch?v=NqJdt9_1XSw
Dashcam videos show cops abusing power and being on a power trip in various ways, some mildly annoying and some outrageous.
This is also why mobile phone camera tech led to BLM as more and more people became aware of how police act when they think nobody is watching.
Mobile tech didn’t lead to Black Lives Matter. What even are you saying? People were recording the police way back during the Fergusson Mo protests.
I think you are being sarcastic, but in case you weren't, in 2014 60% of adults in the US owned a smartphone, so my point stands. Videos of police misconduct were already widespread before that. Someone took video of the killing of Eric Garner, etc.
Do you think Michael Brown and the Ferguson protests didn’t contribute to the BLM movement?
No.
The court did reject qualified immunity.
https://www.youtube.com/watch?v=isYZoFrIeo0
However, the poor guy only defeated criminal charges on appeal!
But the police/courts would never do something like this... https://news.ycombinator.com/item?id=12073390